Description
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote user may be able to cause unexpected system termination or corrupt kernel memory.
Published: 2026-03-25
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Kernel Memory Corruption
Action: Immediate Patch
AI Analysis

Impact

A classic buffer overflow was reported, resulting from inadequate bounds checking. This flaw lets a remote user trigger unexpected system termination or corrupt kernel memory, a vulnerability classified as CWE‑120. The potential impact includes loss of availability and, if an attacker can successfully write to arbitrary kernel memory, a compromise of confidentiality and integrity on the affected device.

Affected Systems

The defect affects Apple iOS and iPadOS devices running any release prior to version 26.4. Apple’s advisory indicates that iOS 26.4 and iPadOS 26.4 contain the fix, protecting devices that run those or later releases.

Risk and Exploitability

The CVSS score of 9.8 signals a critical severity. Although the EPSS indicates a probability of exploitation of less than 1 % and the vulnerability is not listed in the KEV catalog, the remote nature of the attack and the serious consequence of kernel memory corruption make the risk high. Based on the description, it is inferred that a remote attacker could deliver a crafted payload to trigger the overflow, potentially enabling further exploitation such as code execution.

Generated by OpenCVE AI on March 26, 2026 at 21:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the device to iOS 26.4 or iPadOS 26.4 as soon as possible.
  • Verify that the operating system version is at least 26.4.
  • If an update cannot be performed immediately, restrict the device’s exposure to untrusted networks and monitor for kernel crashes or abnormal behavior.

Generated by OpenCVE AI on March 26, 2026 at 21:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

References
Link Providers
https://support.apple.com/en-us/126792 cve-icon cve-icon
History

Fri, 27 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
Title Kernel Buffer Overflow in iOS and iPadOS Allowing Remote Memory Corruption

Thu, 26 Mar 2026 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple ipados
Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Vendors & Products Apple ipados
Apple iphone Os

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Title Kernel Memory Corruption via Buffer Overflow in iOS/iPadOS
Weaknesses CWE-125
CWE-787

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Kernel Memory Corruption via Buffer Overflow in iOS/iPadOS
Weaknesses CWE-125
CWE-787

Wed, 25 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios And Ipados
Vendors & Products Apple
Apple ios And Ipados

Wed, 25 Mar 2026 01:00:00 +0000

Type Values Removed Values Added
Description A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 26.4 and iPadOS 26.4. A remote user may be able to cause unexpected system termination or corrupt kernel memory.
References

Subscriptions

Apple Ios And Ipados Ipados Iphone Os
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:20:23.507Z

Reserved: 2026-03-03T16:36:03.972Z

Link: CVE-2026-28858

cve-icon Vulnrichment

Updated: 2026-03-25T19:20:43.746Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-25T01:17:09.920

Modified: 2026-03-26T18:58:43.767

Link: CVE-2026-28858

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:50:37Z

Weaknesses