Description
The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
Published: 2026-05-11
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from improperly handling memory during web content processing, a flaw that is inferred to cause unexpected process crashes when maliciously crafted content is rendered. These crashes interrupt normal operation, leading to denial of service for the affected device or application.

Affected Systems

Apple iOS, iPadOS, macOS, tvOS, visionOS, and watchOS are impacted. Versions before 26.5 are known to be vulnerable; the issue is resolved starting in iOS 26.5, iPadOS 26.5, macOS 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.

Risk and Exploitability

The flaw does not grant code execution or data exfiltration. The attack vector is inferred to be through a web browser or any component that processes web content, requiring the target to load malicious data. No public exploitation has been reported, EPSS is not available, and the vulnerability is not listed in CISA KEV. The risk level is moderate because of the lack of exploitation evidence and the absence of a clear attack path beyond the need to render malicious content.

Generated by OpenCVE AI on May 11, 2026 at 22:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest Apple software updates (iOS 26.5, iPadOS 26.5, macOS 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5) on all affected devices
  • After the update, reboot the device to ensure the new code is active
  • Enable automatic updates or periodically check Apple Support for future patches to safeguard against similar issues

Generated by OpenCVE AI on May 11, 2026 at 22:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 11 May 2026 22:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
CWE-120

Mon, 11 May 2026 22:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios And Ipados
Apple macos
Apple tvos
Apple visionos
Apple watchos
Vendors & Products Apple
Apple ios And Ipados
Apple macos
Apple tvos
Apple visionos
Apple watchos

Mon, 11 May 2026 20:45:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
References

Subscriptions

Apple Ios And Ipados Macos Tvos Visionos Watchos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-11T20:07:36.998Z

Reserved: 2026-03-03T16:36:03.983Z

Link: CVE-2026-28902

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-11T21:18:53.017

Modified: 2026-05-12T14:13:03.510

Link: CVE-2026-28902

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-11T22:30:08Z

Weaknesses