Description
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
Published: 2026-05-11
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability originates from a flaw in memory handling that causes an unexpected process crash when maliciously crafted web content is processed. This flaw can be triggered by content delivered through web browsers or embedded web views, leading to a denial‑of‑service condition for the affected application or the entire operating system. The impact is a temporary loss of service; there is no evidence of persistent or privileged execution.

Affected Systems

Apple iOS, Apple iPadOS, Apple macOS, Apple tvOS, Apple visionOS, and Apple watchOS are affected. The fix is provided in iOS 18.7.9 and 26.5, iPadOS 18.7.9 and 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.

Risk and Exploitability

The EPSS score is not available and the vulnerability is not listed in CISA’s KEV catalog, indicating no publicly confirmed exploits at present. The likely attack vector is the delivery of malicious web content, which can be remote if executed within a web browser or local if used by a native application that renders web content. Without an exploit that turns the crash into code execution, the risk remains a denial‑of‑service threat, but timely patching eliminates the vulnerability.

Generated by OpenCVE AI on May 11, 2026 at 21:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest OS updates that contain the memory‑handling fix (iOS 18.7.9/26.5, iPadOS 18.7.9/26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5).
  • Restrict or disable the loading of untrusted web content wherever possible, such as through secure browsing settings or app sandboxing.
  • Keep all web‑related software, including browsers and embedded web view components, up to date to ensure the same memory‑handling improvements are applied.

Generated by OpenCVE AI on May 11, 2026 at 21:45 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 11 May 2026 22:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios And Ipados
Apple macos
Apple tvos
Apple visionos
Apple watchos
Vendors & Products Apple
Apple ios And Ipados
Apple macos
Apple tvos
Apple visionos
Apple watchos

Mon, 11 May 2026 22:00:00 +0000

Type Values Removed Values Added
Title Memory Handling Bug Causing Process Crashes from Malicious Web Content
Weaknesses CWE-119
CWE-665

Mon, 11 May 2026 20:45:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
References

Subscriptions

Apple Ios And Ipados Macos Tvos Visionos Watchos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-11T20:07:35.962Z

Reserved: 2026-03-03T16:36:03.970Z

Link: CVE-2026-28847

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-11T21:18:51.507

Modified: 2026-05-12T14:13:03.510

Link: CVE-2026-28847

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-11T22:15:06Z

Weaknesses