VYPR
High severity · 7.5 · NVD Advisory · Published May 11, 2026 · Updated May 12, 2026

CVE-2026-28860

Description

A local attacker may be able to modify the state of the Keychain due to an input validation issue in Apple operating systems, fixed in March 2026 updates.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

CVE-2026-28860 is a vulnerability in Apple's Keychain implementation affecting multiple platforms. The issue, described as an input validation flaw, allows a local attacker to modify the state of the Keychain. Affected versions include iOS and iPadOS prior to 18.7.7 and 26.4, macOS Sequoia prior to 15.7.5, macOS Sonoma prior to 14.8.5, macOS Tahoe prior to 26.4, tvOS prior to 26.4, visionOS prior to 26.4, and watchOS prior to 26.4 [1][2][3][4].

Exploitation

A local attacker requires access to the device or a local session to exploit this vulnerability. The attacker must be able to execute code or interact with the Keychain. The exact exploitation steps are not detailed in the available references, but the vulnerability is triggered by sending crafted input that bypasses validation checks [1].

Impact

Successful exploitation allows an attacker to modify the state of the Keychain, potentially altering stored credentials, certificates, or other secrets managed by the Keychain service. This can lead to unauthorized access to sensitive data or services protected by the compromised credentials. Exploitation requires local access, meaning an attacker must already have a foothold on the system [1].

Mitigation

Apple has released fixes in the following versions, all dated March 24, 2026: iOS 18.7.7 and 26.4, iPadOS 18.7.7 and 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, and watchOS 26.4. Users should update to these versions immediately via Software Update settings [1][2][3][4]. No workarounds are mentioned, and the issue is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date.
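The following is an added example, not part of the advisory or of any Apple tooling: it checks a device inventory against the fixed versions listed above. The inventory format, host names and function names are assumptions, and release lines the advisory does not list are reported as `unknown` rather than guessed.

```python
# Fixed versions per release line, taken from the advisory text above.
# Key: (platform, major version) -> first fixed version on that line.
FIXED = {
    ("iOS", 18): (18, 7, 7), ("iOS", 26): (26, 4),
    ("iPadOS", 18): (18, 7, 7), ("iPadOS", 26): (26, 4),
    ("macOS", 14): (14, 8, 5),   # Sonoma
    ("macOS", 15): (15, 7, 5),   # Sequoia
    ("macOS", 26): (26, 4),      # Tahoe
    ("tvOS", 26): (26, 4), ("visionOS", 26): (26, 4), ("watchOS", 26): (26, 4),
}

def parse_version(text):
    """Turn '18.7.7' into (18, 7, 7); raises ValueError on non-numeric parts."""
    return tuple(int(part) for part in text.strip().split("."))

def pad(version, width=3):
    """Right-pad with zeros so (26, 4) compares equal to (26, 4, 0)."""
    return tuple(version) + (0,) * (width - len(version))

def status(platform, version_text):
    """Classify one device as patched, vulnerable, unknown or unparseable."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparseable"
    fixed = FIXED.get((platform, version[0]))
    if fixed is None:
        return "unknown"  # release line not listed in the advisory
    return "patched" if pad(version) >= pad(fixed) else "vulnerable"

# Constructed sample inventory (hypothetical hosts): (host, platform, OS version)
INVENTORY = [
    ("build-mac-01", "macOS", "15.7.4"),
    ("design-mac-07", "macOS", "26.4"),
    ("legacy-mac-02", "macOS", "13.7.8"),
    ("exec-phone-03", "iOS", "18.7.7"),
    ("kiosk-pad-11", "iPadOS", "26.3.1"),
    ("lobby-tv-01", "tvOS", "26.4.1"),
    ("mdm-gap-09", "watchOS", "n/a"),
]

def audit(inventory):
    """Map each host to its status for CVE-2026-28860."""
    return {host: status(platform, ver) for host, platform, ver in inventory}

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(f"{host:15} {result}")
```

Hosts reported as `unknown` or `unparseable` need manual review; the advisory gives no fixed version for those release lines.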

AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 3

References: 8
