Description
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination.
Published: 2026-05-11
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow flaw was identified in various Apple operating systems, affecting how memory bounds are checked in critical system components. The vulnerability could cause an application to trigger an unexpected system termination, potentially allowing an attacker to force the operating system to crash. While the description does not explicitly state code execution, the nature of the overflow suggests that an attacker could overflow a buffer, leading to loss of control over execution flow and system stability.

Affected Systems

Apple iOS and iPadOS versions earlier than 18.7.9 and 26.5, macOS Sequoia, Sonoma, and Tahoe releases earlier than 15.7.7, 14.8.7, and 26.5 respectively, as well as older releases of tvOS, visionOS, and watchOS are affected. The affected ranges are detailed by Apple in the advisory and have been addressed in the listed updates.

Risk and Exploitability

The vulnerability does not appear in the CISA KEV database and no EPSS score is available, indicating no publicly documented exploits yet. However, a buffer overflow that can crash the system is a high‑severity potential, and an attacker could leverage it by delivering a malicious app or input that overflows the vulnerable buffer. The risk primarily translates to denial of service and could be a stepping stone to more severe outcomes if additional local privileges exist. The lack of exploitation data suggests that the threat profile is moderate until an exploit emerges.

Generated by OpenCVE AI on May 11, 2026 at 22:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest firmware updates—install iOS 18.7.9 or later, iPadOS 18.7.9 or later, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
  • Remove or update any third‑party or untrusted applications that could send crafted input to the affected system components.
  • Monitor device logs for unexpected crashes or abnormal termination events and report any patterns to Apple support.

Generated by OpenCVE AI on May 11, 2026 at 22:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 11 May 2026 23:00:00 +0000

Type Values Removed Values Added
Title Buffer Overflow Causing Unexpected System Termination in Apple Operating Systems
Weaknesses CWE-119

Mon, 11 May 2026 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios And Ipados
Apple macos
Apple tvos
Apple visionos
Apple watchos
Vendors & Products Apple
Apple ios And Ipados
Apple macos
Apple tvos
Apple visionos
Apple watchos

Mon, 11 May 2026 20:45:00 +0000

Type Values Removed Values Added
Description A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination.
References

Subscriptions

Apple Ios And Ipados Macos Tvos Visionos Watchos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-11T20:07:29.263Z

Reserved: 2026-03-03T16:36:03.991Z

Link: CVE-2026-28959

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-11T21:18:56.990

Modified: 2026-05-11T21:18:56.990

Link: CVE-2026-28959

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-11T22:45:36Z

Weaknesses