Description
An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An attacker in a privileged network position may be able to intercept network traffic.
Published: 2026-03-25
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Network Traffic Interception
Action: Immediate Patch
AI Analysis

Impact

An authentication flaw arising from improper state management enabled an adversary positioned on a privileged network to observe or manipulate traffic traversing affected Apple devices. The weakness involves failure to enforce authentication, allowing the interception of communications that are otherwise protected, thereby exposing confidential data and potentially permitting man‑in‑the‑middle attacks. The core defect aligns with improper access control (CWE‑285). The severity is reflected by a CVSS score of 7.5, indicating a high‑risk vulnerability.

Affected Systems

Apple iOS 18.7.7, 26.4 and iPadOS 18.7.7, 26.4, macOS Sequoia 15.7.5, Sonoma 14.8.5, Tahoe 26.4, tvOS 26.4, visionOS 26.4, and watchOS 26.4, as well as all earlier releases of these operating systems, are susceptible to this compromise. The flaw is present across all major Apple platforms, requiring updates on each device type to mitigate the issue.

Risk and Exploitability

The CVSS score signals a high impact, yet the EPSS probability of less than 1% suggests that widespread exploitation is presently unlikely. The vulnerability is not catalogued in CISA’s KEV archive, implying no known active exploits. Nevertheless, because an attacker must live on a network with elevated privileges to leverage the flaw, organizations with such infrastructure must treat the risk as significant and ensure timely patching or network restrictions to reduce exposure.

Generated by OpenCVE AI on March 26, 2026 at 15:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the device to the latest patched releases—iOS 18.7.7/26.4, iPadOS 18.7.7/26.4, macOS Sequoia 15.7.5, Sonoma 14.8.5, Tahoe 26.4, tvOS 26.4, visionOS 26.4, or watchOS 26.4— or any newer versions that contain the state‑management fix.
  • Verify that the update completes successfully and that the device functions normally after the upgrade.
  • As a temporary protective measure, restrict the device’s network access to trusted segments or apply VLAN segmentation to limit its exposure to privileged network traffic.
  • Consult Apple support resources for any additional guidance or updates on the vulnerability.

Generated by OpenCVE AI on March 26, 2026 at 15:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
Title Authentication Flaw Allowing Network Traffic Interception in Apple Operating Systems

Thu, 26 Mar 2026 12:30:00 +0000

Type Values Removed Values Added
Title Network Traffic Interception via Authentication State Flaw
Weaknesses CWE-200

Wed, 25 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
Title Network Traffic Interception via Authentication State Flaw
Weaknesses CWE-200

Wed, 25 Mar 2026 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Apple ipados
Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Vendors & Products Apple ipados
Apple iphone Os

Wed, 25 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-285
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios And Ipados
Apple macos
Apple tvos
Apple visionos
Apple watchos
Vendors & Products Apple
Apple ios And Ipados
Apple macos
Apple tvos
Apple visionos
Apple watchos

Wed, 25 Mar 2026 01:00:00 +0000

Type Values Removed Values Added
Description An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An attacker in a privileged network position may be able to intercept network traffic.
References

Subscriptions

Apple Ios And Ipados Ipados Iphone Os Macos Tvos Visionos Watchos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:22:33.373Z

Reserved: 2026-03-03T16:36:03.973Z

Link: CVE-2026-28865

cve-icon Vulnrichment

Updated: 2026-03-25T19:49:21.676Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-25T01:17:10.563

Modified: 2026-03-25T21:30:15.960

Link: CVE-2026-28865

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T09:50:30Z

Weaknesses