Description
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination.
Published: 2026-05-11
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A buffer overflow flaw was discovered in several Apple operating systems. The vulnerability arises from insufficient bounds checking, allowing an application to supply crafted data that overflows a buffer and causes the OS to terminate unexpectedly. The flaw is classified as CWE‑120 and results in a denial‑of‑service condition; it does not provide code execution or privilege escalation capabilities.

Affected Systems

Apple iOS and iPadOS versions prior to 18.7.9 or 26.5, macOS Sequoia older than 15.7.7, macOS Sonoma older than 14.8.7, macOS Tahoe before 26.5, and the corresponding earlier releases of tvOS, visionOS, and watchOS are affected. The issue was fixed in the OS updates listed in the description.

Risk and Exploitability

The CVSS score of 7.5 indicates a high‑severity denial‑of‑service vulnerability, yet the EPSS score is below 1 % and the flaw is not listed in the CISA KEV catalog, suggesting a low likelihood of active exploitation. Based on the description, the likely attack vector is a malicious or improperly behaved application that supplies crafted input to the vulnerable component. No public exploits have been reported, so the current risk remains moderate until an exploit is discovered or the attack surface changes.

Generated by OpenCVE AI on May 12, 2026 at 23:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest OS updates that contain the bounds‑checking fix, specifically iOS 18.7.9, iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
  • Restrict the installation of third‑party applications that could submit arbitrary data to system components, and remove any that are known to expose the vulnerability.
  • Monitor device stability by reviewing crash logs; if unexpected termination occurs, report the incident to Apple support for investigation.

Generated by OpenCVE AI on May 12, 2026 at 23:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 13 May 2026 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple ipados
Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Vendors & Products Apple ipados
Apple iphone Os

Wed, 13 May 2026 00:15:00 +0000

Type Values Removed Values Added
Title Buffer Overflow in Apple Operating Systems Causes Unexpected Termination

Tue, 12 May 2026 22:45:00 +0000

Type Values Removed Values Added
Title Buffer Overflow Causing Unexpected System Termination in Apple Operating Systems
Weaknesses CWE-119

Tue, 12 May 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 12 May 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-120
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Mon, 11 May 2026 23:00:00 +0000

Type Values Removed Values Added
Title Buffer Overflow Causing Unexpected System Termination in Apple Operating Systems
Weaknesses CWE-119

Mon, 11 May 2026 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios And Ipados
Apple macos
Apple tvos
Apple visionos
Apple watchos
Vendors & Products Apple
Apple ios And Ipados
Apple macos
Apple tvos
Apple visionos
Apple watchos

Mon, 11 May 2026 20:45:00 +0000

Type Values Removed Values Added
Description A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination.
References

Subscriptions

Apple Ios And Ipados Ipados Iphone Os Macos Tvos Visionos Watchos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-12T19:53:57.743Z

Reserved: 2026-03-03T16:36:03.991Z

Link: CVE-2026-28959

cve-icon Vulnrichment

Updated: 2026-05-12T19:27:03.025Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-11T21:18:56.990

Modified: 2026-05-13T14:36:21.417

Link: CVE-2026-28959

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-13T00:00:17Z

Weaknesses
  • CWE-120

    Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')