Description
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A remote attacker may be able to cause a denial of service.
Published: 2026-05-11
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A type confusion issue exists in several Apple operating systems: the system can be made to interpret an object as a different type than it actually is, a flaw that was addressed with improved checks. As described, it allows a remote attacker to trigger a crash that terminates processes or entire operating system instances, denying service to the affected device. The vulnerability is a classic example of improper type validation and incorrect type conversion, reflected in the CWE identifier CWE-843.

Affected Systems

Affected Apple platforms include iOS on iPhone and iPad, iPadOS, macOS Tahoe, tvOS, visionOS, and watchOS. The specific fixed releases are iOS 18.7.9 and 26.5, iPadOS 18.7.9 and 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5. All hardware running any of these operating systems is potentially impacted until the patched versions are installed.

Risk and Exploitability

The vulnerability has a CVSS score of 7.5, has no disclosed exploit in the wild, and is not listed in CISA’s KEV catalog, indicating a low to moderate risk of exploitation. The EPSS score of < 1% indicates a very low probability of exploitation, but a remote attacker able to trigger the type confusion could still cause a denial of service on the target device. Until patched, devices remain vulnerable to crafted payloads that induce the flaw.

Generated by OpenCVE AI on May 12, 2026 at 23:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the affected Apple operating systems to iOS 18.7.9 or 26.5, iPadOS 18.7.9 or 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, or watchOS 26.5.
  • Enable automatic updates so that future security patches are applied without manual action.
  • If the device cannot run the fixed OS, plan to upgrade hardware or shift to a device with a supported operating system to avoid exposure to the type confusion vulnerability.

Advisories

No advisories yet.

History

Tue, 12 May 2026 22:15:00 +0000

Type Values Removed Values Added
Title Apple Operating System Type Confusion Vulnerability Enabling Remote Denial of Service
Weaknesses CWE-745

Tue, 12 May 2026 21:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-843

Tue, 12 May 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 11 May 2026 23:30:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios And Ipados
Apple macos
Apple tvos
Apple visionos
Apple watchos
Vendors & Products Apple
Apple ios And Ipados
Apple macos
Apple tvos
Apple visionos
Apple watchos

Mon, 11 May 2026 23:00:00 +0000

Type Values Removed Values Added
Title Apple Operating System Type Confusion Vulnerability Enabling Remote Denial of Service
Weaknesses CWE-745

Mon, 11 May 2026 20:45:00 +0000

Type Values Removed Values Added
Description A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A remote attacker may be able to cause a denial of service.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-12T20:28:37.898Z

Reserved: 2026-03-03T16:36:03.993Z

Link: CVE-2026-28983

Vulnrichment

Updated: 2026-05-12T17:51:44.895Z

NVD

Status: Undergoing Analysis

Published: 2026-05-11T21:18:58.423

Modified: 2026-05-12T21:16:14.330

Link: CVE-2026-28983

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T23:45:25Z

Weaknesses