CVE-2026-28941
Description
The issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Tahoe 26.5. Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Processing a maliciously crafted file in Apple operating systems can cause denial-of-service or memory disclosure; patched in recent iOS, iPadOS, and macOS updates.
The vulnerability stems from insufficient bounds checking when processing maliciously crafted files. An out-of-bounds read can occur, leading to potential system instability or memory disclosure [1][2][3].
To exploit the vulnerability, an attacker would need to deliver a specially crafted file to the target system, such as through email or web download. User interaction is likely required to open or process the file.
Successful exploitation may cause the affected application or system to crash, resulting in a denial-of-service condition. Additionally, memory contents could be disclosed, potentially exposing sensitive information.
Apple has addressed the issue in iOS 18.7.9, iPadOS 18.7.9, macOS Sequoia 15.7.7, and macOS Tahoe 26.5. Users are advised to update their devices as soon as possible [1][2][3].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <15.7.7
- Range: <18.7.9
Patches
No patches discovered yet.
References
- support.apple.com/en-us/127111 (nvd; Release Notes, Vendor Advisory)
- support.apple.com/en-us/127115 (nvd; Release Notes, Vendor Advisory)
- support.apple.com/en-us/127116 (nvd; Release Notes, Vendor Advisory)
News mentions
- ZDI-26-315: Apple macOS USD Out-Of-Bounds Read Information Disclosure Vulnerability (Zero Day Initiative · May 12, 2026)
- Apple Patches Everything, (Mon, May 11th) (SANS Internet Storm Center · May 11, 2026)