Description
A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. A remote attacker may be able to cause a denial-of-service.
Published: 2026-03-25
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Denial of Service
Action: Patch Now
AI Analysis

Impact

A flaw in Apple’s operating systems allows a remote attacker to trigger a denial of service by delivering specially crafted input that is insufficiently validated. The vulnerability is classified as CWE-20 and can cause system processes or applications to crash or become unresponsive, disrupting normal device operation.

Affected Systems

The issue affects Apple iOS, iPadOS, and macOS versions that are older than the corrected releases: iOS and iPadOS prior to 26.4, macOS Sequoia before 15.7.5, macOS Sonoma before 14.8.5, and macOS Tahoe before 26.4. No additional version details are provided in the CVE data.

Risk and Exploitability

The CVSS score of 7.5 marks this as high severity, while the EPSS score of less than 1% indicates a low likelihood of widespread automated exploitation. The vulnerability is not currently listed in the CISA KEV catalog. Based on the description, a remote attacker could likely send the problematic input via a network service or application interface; the exact entry point is not specified, but the exploit would rely on remote delivery of malformed data.

Generated by OpenCVE AI on March 25, 2026 at 20:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest iOS or iPadOS updates, version 26.4 or later.
  • Apply the latest macOS updates, Sequoia 15.7.5, Sonoma 14.8.5, or Tahoe 26.4 or later.
  • Enable automatic OS updates to receive future fixes.
  • If patching cannot occur immediately, limit device exposure to untrusted networks and watch for abnormal application crashes.

Advisories

No advisories yet.

History

Wed, 25 Mar 2026 22:00:00 +0000

Type | Values Removed | Values Added
Title | | Apple iOS, iPadOS, and macOS Remote Denial of Service Vulnerability

Wed, 25 Mar 2026 18:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Apple ipados, Apple iphone Os
CPEs | | cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*, cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*, cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products | | Apple ipados, Apple iphone Os

Wed, 25 Mar 2026 15:15:00 +0000

Type | Values Removed | Values Added
Weaknesses | | CWE-20
Metrics | | cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}; ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 12:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Apple, Apple ios And Ipados, Apple macos
Vendors & Products | | Apple, Apple ios And Ipados, Apple macos

Wed, 25 Mar 2026 01:00:00 +0000

Type | Values Removed | Values Added
Description | | A denial-of-service issue was addressed with improved input validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. A remote attacker may be able to cause a denial-of-service.
References | |

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:13:07.838Z

Reserved: 2026-03-03T16:36:03.981Z

Link: CVE-2026-28894

Vulnrichment

Updated: 2026-03-25T15:01:23.991Z

NVD

Status: Analyzed

Published: 2026-03-25T01:17:12.873

Modified: 2026-03-25T17:59:30.797

Link: CVE-2026-28894

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T20:56:33Z

Weaknesses