Description
An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to cause unexpected system termination.
Published: 2026-05-11
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An integer overflow could allow an application to cause an unexpected system termination, effectively crashing the operating system. Based on the description, it is inferred that the overflow occurs during unchecked arithmetic operations within the system, which could be triggered by crafted input. The weakness is a classic unchecked arithmetic overflow, leading to resource exhaustion or failure state. The incident could compromise the integrity and availability of the affected device, but there is no indication of remote code execution or data disclosure.

Affected Systems

Apple’s iOS, iPadOS, and macOS operating systems are impacted. The fix ships in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, and macOS Tahoe 26.5, so releases earlier than these are the ones to treat as affected.

Risk and Exploitability

The EPSS score is < 1% and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog, suggesting limited current exploitation evidence. The risk remains moderate due to the potential for local applications to trigger the overflow and crash the system. Based on the description, it is inferred that attackers would need to supply crafted input to the vulnerable component; the exact attack path is not fully detailed in the advisory, but the impact is clear as a denial of service through unexpected termination. The CVSS score of 7.5 indicates a high severity, but the overall risk remains moderate due to the low exploitation probability and the local nature of the vulnerability.

Generated by OpenCVE AI on May 12, 2026 at 21:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update iOS to version 18.7.9 or later
  • Update iPadOS to version 18.7.9 or later
  • Update macOS Sequoia to version 15.7.7 or later
  • Update macOS Sonoma to version 14.8.7 or later
  • Update macOS Tahoe to version 26.5 or later

Advisories

No advisories yet.

History

Tue, 12 May 2026 21:45:00 +0000

Type | Values Removed | Values Added
Title | | Integer Overflow in Apple Operating Systems Allowing Unexpected System Termination

Tue, 12 May 2026 19:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 12 May 2026 18:30:00 +0000

Type | Values Removed | Values Added
Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Mon, 11 May 2026 23:30:00 +0000

Type | Values Removed | Values Added
Title | | Integer Overflow in Apple Operating Systems Allowing Unexpected System Termination
Weaknesses | | CWE-190

Mon, 11 May 2026 23:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Apple; Apple ios And Ipados; Apple macos
Vendors & Products | | Apple; Apple ios And Ipados; Apple macos

Mon, 11 May 2026 20:45:00 +0000

Type | Values Removed | Values Added
Description | | An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to cause unexpected system termination.
References | |

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-12T17:29:02.544Z

Reserved: 2026-03-03T16:36:03.990Z

Link: CVE-2026-28952

Vulnrichment

Updated: 2026-05-12T17:04:37.496Z

NVD

Status: Undergoing Analysis

Published: 2026-05-11T21:18:56.263

Modified: 2026-05-12T18:16:48.767

Link: CVE-2026-28952

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T21:30:25Z

Weaknesses