Description
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A remote attacker may be able to cause unexpected app termination.
Published: 2026-05-11
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow was discovered in several Apple operating systems, caused by insufficient bounds checking. The flaw allows a remote attacker to trigger unexpected application termination, resulting in a denial‑of‑service condition for the affected app. The weakness is a classic stack-based buffer overflow as identified by CWE‑121.

Affected Systems

Apple’s iOS, iPadOS, macOS, tvOS, visionOS, and watchOS are impacted. The fix is included in iOS 18.7.9 and 26.5, iPadOS 18.7.9 and 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5; any earlier releases lack the patch.

Risk and Exploitability

The publicly available CVE information states that a remote attacker could cause application termination, but it does not detail the specific input or path used to trigger the stack overflow. It is therefore inferred that the attack vector involves the delivery of malformed data over the network. The CVSS score of 7.5 indicates a high severity, while the EPSS score of less than 1 % and absence from the CISA KEV list suggest a low likelihood of widespread exploitation at present. The impact remains a loss of availability for the compromised application, without elevation of privileges or code execution.

Generated by OpenCVE AI on May 12, 2026 at 22:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade all affected Apple OS devices to iOS 18.7.9, iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5, or later releases containing the fix.
  • Limit the use of older or unsupported devices that cannot receive the update, and monitor device logs for abnormal termination events.
  • Apply any vendor‑approved patches or updates to third‑party applications that exhibit similar buffer‑overflow vulnerabilities.

Generated by OpenCVE AI on May 12, 2026 at 22:59 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 23:15:00 +0000

Type Values Removed Values Added
Title Buffer overflow causing application termination on Apple OSes

Tue, 12 May 2026 21:45:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in Apple OSs Causing Application Termination
Weaknesses CWE-120

Tue, 12 May 2026 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-121
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 11 May 2026 22:00:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in Apple OSs Causing Application Termination
First Time appeared Apple
Apple ios And Ipados
Apple macos
Apple tvos
Apple visionos
Apple watchos
Weaknesses CWE-120
Vendors & Products Apple
Apple ios And Ipados
Apple macos
Apple tvos
Apple visionos
Apple watchos

Mon, 11 May 2026 20:45:00 +0000

Type Values Removed Values Added
Description A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A remote attacker may be able to cause unexpected app termination.
References

Subscriptions

Apple Ios And Ipados Macos Tvos Visionos Watchos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-12T17:18:58.402Z

Reserved: 2026-03-03T16:36:03.970Z

Link: CVE-2026-28846

cve-icon Vulnrichment

Updated: 2026-05-12T17:18:45.714Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-11T21:18:51.410

Modified: 2026-05-12T18:16:47.880

Link: CVE-2026-28846

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T23:00:12Z

Weaknesses