Description
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted file may lead to unexpected app termination.
Published: 2026-05-11
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is caused by insufficient bounds checking when processing a maliciously crafted file, leading to an unexpected application termination. The flaw can be exploited to crash an application whenever it opens a carefully constructed file, resulting in a denial‑of‑service condition for the user or system that depends on the affected software. This is consistent with a CWE‑787 type out‑of‑bounds memory access and presents no documented code‑execution vector.

Affected Systems

Apple iOS, iPadOS, macOS, tvOS, visionOS, and watchOS are affected. The issue is fixed in iOS 18.7.9, iOS 26.5, iPadOS 18.7.9, iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.

Risk and Exploitability

Because no CVSS or EPSS score is published, the exact value of the risk cannot be quantified. However, the problem requires only a malicious local file to trigger the crash, so the attack surface is limited to users or processes that open such files. The vulnerability is not listed in the KEV catalog and no exploitation reports are known, but it represents a moderate to high risk of denial‑of‑service for affected applications.

Generated by OpenCVE AI on May 11, 2026 at 22:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update each device to the latest available Apple OS release that includes the bounds‑check improvements (e.g., iOS 18.7.9/iPadOS 18.7.9, iOS 26.5/iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5).
  • Avoid opening or transmitting untrusted files on devices running affected OS versions, or disable the application(s) that process such files if possible.
  • Monitor Apple support forums and the official Apple Security Advisories for any new updates or additional mitigations.

Advisories

No advisories yet.

History

Mon, 11 May 2026 23:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Apple; Apple ios And Ipados; Apple macos; Apple tvos; Apple visionos; Apple watchos
Vendors & Products | | Apple; Apple ios And Ipados; Apple macos; Apple tvos; Apple visionos; Apple watchos

Mon, 11 May 2026 22:45:00 +0000

Type | Values Removed | Values Added
Title | | Bounds Check Failure in Apple Operating Systems Leading to Unexpected App Termination
Weaknesses | | CWE-787

Mon, 11 May 2026 20:45:00 +0000

Type | Values Removed | Values Added
Description | | The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted file may lead to unexpected app termination.

References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-11T20:08:36.675Z

Reserved: 2026-03-03T16:36:03.993Z

Link: CVE-2026-28977

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-11T21:18:58.217

Modified: 2026-05-11T21:18:58.217

Link: CVE-2026-28977

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-11T23:15:08Z

Weaknesses