Description
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
Published: 2026-05-11
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A memory handling bug can cause an unexpected process crash when the system processes specially crafted web content. The crash impacts availability by terminating the affected process or application, potentially disrupting user experience or critical functions. The vulnerability does not directly provide code execution or data disclosure, but it can result in instability or repeated service interruptions.

Affected Systems

Apple iOS, iPadOS, macOS (macOS Tahoe), tvOS, visionOS, and watchOS are affected. The issue is fixed in iOS 18.7.9, iOS 26.5, iPadOS 18.7.9, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity, but the EPSS score of < 1% indicates a very low likelihood of exploitation. Apple has not listed this vulnerability in the CISA KEV catalog. The known attack vector is inferred to be remote, originating from maliciously designed web content that a device renders or processes. No public exploit has been documented, suggesting a moderate risk that is mitigated entirely by provisioning the specified updates.

Generated by OpenCVE AI on May 12, 2026 at 21:59 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update all Apple devices to the latest firmware that includes the fix (e.g., iOS 18.7.9, iOS 26.5, iPadOS 18.7.9, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, or watchOS 26.5).
  • Enable automatic updates to receive future security releases without manual intervention.
  • Monitor device logs for crashes associated with web content and apply additional controls, such as content filtering, in environments where browsing untrusted sites is a risk.

Generated by OpenCVE AI on May 12, 2026 at 21:59 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 20:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-119
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 11 May 2026 22:30:00 +0000

Type Values Removed Values Added
Title Malicious Web Content Crash Vulnerability
Weaknesses CWE-416
CWE-674

Mon, 11 May 2026 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios And Ipados
Apple macos
Apple tvos
Apple visionos
Apple watchos
Vendors & Products Apple
Apple ios And Ipados
Apple macos
Apple tvos
Apple visionos
Apple watchos

Mon, 11 May 2026 20:45:00 +0000

Type Values Removed Values Added
Description The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.
References

Subscriptions

Apple Ios And Ipados Macos Tvos Visionos Watchos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-12T19:53:46.386Z

Reserved: 2026-03-03T16:36:03.990Z

Link: CVE-2026-28955

cve-icon Vulnrichment

Updated: 2026-05-12T19:51:56.656Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-11T21:18:56.570

Modified: 2026-05-12T20:16:32.283

Link: CVE-2026-28955

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T22:00:22Z

Weaknesses