Description
The issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. Processing a maliciously crafted file may lead to unexpected app termination.
Published: 2026-05-11
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A maliciously crafted file can trigger unexpected app termination in affected Apple operating systems, leading to a denial of service for users who rely on the app. The vulnerability is related to improper handling of file input, which can cause a crash when the file is processed. This impact is limited to the app that reads the file and does not allow an attacker to execute arbitrary code or gain privileged access.

Affected Systems

Apple iOS (18.7.9+), iPadOS (18.7.9+), macOS Sonoma (14.8.7+) and macOS Tahoe (26.5+), visionOS (26.5+). Devices running earlier versions of these operating systems are vulnerable.

Risk and Exploitability

Because the EPSS score is not available and the vulnerability is not listed in CISA KEV, there is no publicly documented exploitation of the flaw. The likely attack vector is delivery of a malicious file to the device, either locally or via a network service that allows file uploads or downloads. Based on the description, it is inferred that the attack requires the victim to open or process the malicious file, and the exploitation probability is not well quantified.

Generated by OpenCVE AI on May 11, 2026 at 21:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update to the latest OS releases (iOS 18.7.9, iPadOS 18.7.9, macOS 14.8.7, macOS 26.5, visionOS 26.5 or newer).
  • Avoid opening or running files from untrusted or unknown sources.
  • Monitor applications for unexplained crashes and install any subsequent security updates promptly.

Generated by OpenCVE AI on May 11, 2026 at 21:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 11 May 2026 22:15:00 +0000

Type Values Removed Values Added
Title Malicious File Causing Unexpected App Termination
First Time appeared Apple
Apple ios And Ipados
Apple macos
Apple visionos
Weaknesses CWE-665
Vendors & Products Apple
Apple ios And Ipados
Apple macos
Apple visionos

Mon, 11 May 2026 20:45:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. Processing a maliciously crafted file may lead to unexpected app termination.
References

Subscriptions

Apple Ios And Ipados Macos Visionos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-11T20:08:39.210Z

Reserved: 2026-03-03T16:36:03.989Z

Link: CVE-2026-28936

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-11T21:18:55.123

Modified: 2026-05-12T14:13:03.510

Link: CVE-2026-28936

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-11T22:00:07Z

Weaknesses