CVE-2026-28958
Description
This issue was addressed with improved data protection. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access sensitive user data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A data protection issue in Apple operating systems allows an app to access sensitive user data, addressed with improved data protection in Safari 26.5, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, and visionOS 26.5.
Vulnerability
Overview
CVE-2026-28958 is a data protection issue in Apple's operating systems that could allow an app to access sensitive user data. The root cause is not explicitly detailed, but it was addressed with improved data protection mechanisms.
Exploitation
The vulnerability is exploitable by an app running on the affected system. No user interaction beyond running the app is required, and it can be triggered without specific network access, making it a local attack vector.
Impact
Successful exploitation could lead to unauthorized access to sensitive user data, such as personal information, credentials, or other private data stored on the device.
Mitigation
Apple has released security updates for Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, and visionOS 26.5. Users are advised to install the latest updates to protect their devices [1][2][3][4].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- support.apple.com/en-us/127110nvdRelease NotesVendor Advisory
- support.apple.com/en-us/127115nvdRelease NotesVendor Advisory
- support.apple.com/en-us/127120nvdRelease NotesVendor Advisory
- support.apple.com/en-us/127121nvd
News mentions
1- Apple Patches Everything, (Mon, May 11th)SANS Internet Storm Center · May 11, 2026