Description
A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to cause unexpected system termination.
Published: 2026-03-25
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Unexpected System Termination
Action: Update macOS
AI Analysis

Impact

A race condition in macOS can trigger unexpected system termination. The flaw, identified as CWE-362, allows concurrent threads or processes to interfere with each other’s state handling, potentially causing the operating system to crash or halt without warning. The impact is a denial‑of‑service scenario where the system becomes unavailable for legitimate use.

Affected Systems

Apple macOS versions before Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4 are affected. Users running any earlier releases of these macOS iterations are vulnerable to the crash condition until the security update is applied.

Risk and Exploitability

The CVSS score of 5.1 indicates a moderate severity, while an EPSS score of less than 1% implies a low likelihood of exploitation in the wild. The vulnerability is not listed in CISA’s KEV catalog, further suggesting limited active exploitation. The attack vector likely requires a locally executed race condition between concurrent processes or elevated privileges, which may constrain an attacker’s reach but still enables service disruption if successfully leveraged.

Generated by OpenCVE AI on March 25, 2026 at 20:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest macOS update that includes the fix, such as Sequoia 15.7.5, Sonoma 14.8.5, or Tahoe 26.4.

Generated by OpenCVE AI on March 25, 2026 at 20:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Race Condition Causing Unexpected System Termination in macOS

Wed, 25 Mar 2026 18:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Wed, 25 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362
Metrics cvssV3_1

{'score': 5.1, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple macos
Vendors & Products Apple
Apple macos

Wed, 25 Mar 2026 01:00:00 +0000

Type Values Removed Values Added
Description A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to cause unexpected system termination.
References

Subscriptions

Apple Macos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:19:08.265Z

Reserved: 2026-03-03T16:36:03.969Z

Link: CVE-2026-28834

cve-icon Vulnrichment

Updated: 2026-03-25T14:32:57.520Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-25T01:17:08.487

Modified: 2026-03-25T20:52:18.087

Link: CVE-2026-28834

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T21:16:43Z

Weaknesses