Description
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination or write kernel memory.
Published: 2026-05-11
Score: 6.5 Medium
EPSS: 1.4% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An out‑of‑bounds write in system input validation permits a malicious application to corrupt kernel memory, which may lead to unexpected system termination or arbitrary code execution. The flaw is a buffer overflow (CWE‑787).

Affected Systems

Apple operating systems iOS, iPadOS, macOS, tvOS, visionOS, and watchOS are affected. The vulnerability is fixed in iOS 18.7.9 and 26.5, iPadOS 18.7.9 and 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5 – devices running earlier versions remain vulnerable.

Risk and Exploitability

The CVSS score is 6.5, indicating medium severity, while the EPSS score is 1%, suggesting a low but non‑negligible exploitation likelihood. The vulnerability is not currently listed in the CISA KEV catalog. The likely attack vector is a user‑space application that passes crafted input to the system component; an attacker with the ability to install or run a malicious app locally could exploit the flaw to corrupt kernel memory, potentially leading to privilege escalation or code execution, although no public exploits are known at the time of this analysis.

Generated by OpenCVE AI on June 18, 2026 at 08:12 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Install the latest OS update for your Apple device—iOS 18.7.9 or 26.5, iPadOS 18.7.9 or 26.5, macOS Sequoia 15.7.7 / Sonoma 14.8.7 / Tahoe 26.5, tvOS 26.5, visionOS 26.5, or watchOS 26.5.
  • After updating macOS, perform a full system restart to ensure the patched kernel loads cleanly.
  • Until the update is applied, limit the installation of third‑party or untrusted applications and enable automatic update checks to receive the fix promptly.

Generated by OpenCVE AI on June 18, 2026 at 08:12 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds Write Causes Kernel Memory Corruption in Apple OS

Wed, 17 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Write in Apple System Input Validation Allowing Kernel Memory Corruption

Tue, 16 Jun 2026 10:00:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Write in Apple System Input Validation Allowing Kernel Memory Corruption

Wed, 13 May 2026 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple ipados
Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Vendors & Products Apple ipados
Apple iphone Os

Tue, 12 May 2026 21:45:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Write Allowing Kernel Memory Corruption in Apple OS
Weaknesses CWE-119
CWE-789

Tue, 12 May 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 12 May 2026 18:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L'}


Mon, 11 May 2026 22:45:00 +0000

Type Values Removed Values Added
Title Out‑of‑Bounds Write Allowing Kernel Memory Corruption in Apple OS
Weaknesses CWE-119
CWE-789

Mon, 11 May 2026 22:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios And Ipados
Apple macos
Apple tvos
Apple visionos
Apple watchos
Vendors & Products Apple
Apple ios And Ipados
Apple macos
Apple tvos
Apple visionos
Apple watchos

Mon, 11 May 2026 20:45:00 +0000

Type Values Removed Values Added
Description An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination or write kernel memory.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-12T17:23:47.380Z

Reserved: 2026-03-03T16:36:03.992Z

Link: CVE-2026-28972

cve-icon Vulnrichment

Updated: 2026-05-12T17:23:40.975Z

cve-icon NVD

Status : Analyzed

Published: 2026-05-11T21:18:57.907

Modified: 2026-06-17T10:29:25.887

Link: CVE-2026-28972

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T08:15:17Z

Weaknesses