VYPR
← All advisories
High severity7.1NVD Advisory· Published Mar 25, 2026· Updated Apr 27, 2026

CVE-2026-28825

CVE-2026-28825

Description

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to modify protected parts of the file system.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

CVE-2026-28825 is a kernel heap out-of-bounds write in smbfs.kext that allows an app to modify protected parts of the file system.

Vulnerability

Overview

CVE-2026-28825 is an out-of-bounds write in the macOS kernel's SMB filesystem driver (smbfs.kext). The issue stems from insufficient bounds checking when handling certain SMB2 protocol messages, leading to a heap-based buffer overflow. Apple addressed the vulnerability by improving bounds checking in the affected code path. [1][4]

Exploitation

An attacker would need to run a malicious application on the target system to trigger the out-of-bounds write. No special network privileges are required; the attack vector is local. The vulnerability can be exploited without user interaction beyond launching the app. [4]

Impact

Successful exploitation allows an attacker to modify protected parts of the file system, potentially bypassing security mechanisms such as System Integrity Protection (SIP). This could lead to privilege escalation or persistent compromise of the system. [1][4]

Mitigation

Apple has released patches are available in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, and macOS Tahoe 26.4. Apple does not disclose any workarounds for this issue. Users should update to the latest versions to protect against exploitation. [1][2][3]

References
  1. About the security content of macOS Tahoe 26.4 - Apple Support
  2. About the security content of macOS Sequoia 15.7.5 - Apple Support
  3. About the security content of macOS Sonoma 14.8.5 - Apple Support
  4. MAD Bugs: An Apple Kernel Bug, Brought to You by Microsoft

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • Apple Inc./macOS2 versions
    cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*range: >=14.0,<14.8.5
    • (no CPE)range: <15.7.5, <14.8.5, <26.4

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

4

News mentions

0

No linked articles in our index yet.