Description
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An attacker may be able to cause unexpected app termination.
Published: 2026-05-11
Score: 4.7 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A memory corruption vulnerability in Apple operating systems can cause applications to terminate unexpectedly, resulting in a denial of service for the affected software. This vulnerability is identified as a race condition (CWE-362). The likely attack vector is through unsynchronised concurrent access to shared resources, which an attacker could trigger with crafted input. The CVE description does not disclose a direct code execution path, so the primary consequence remains application instability rather than full system compromise.

Affected Systems

Apple’s iOS, iPadOS, macOS, tvOS, visionOS, and watchOS are affected. Versions prior to iOS 18.7.9, iOS 26.5, iPadOS 18.7.9, iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5 are vulnerable; these releases are mitigated by the corresponding patched versions or newer.

Risk and Exploitability

The EPSS score is <1%, indicating a very low probability of exploitation, and the vulnerability is not listed in CISA’s KEV catalog. The CVSS score of 4.7 reflects a moderate severity, largely due to local denial of service through application termination without providing privilege escalation or remote code execution. Apple’s fix resolves the root cause through enhanced locking mechanisms, eliminating the undesired application termination.

Generated by OpenCVE AI on May 12, 2026 at 23:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Apple OS update for the affected platform, such as iOS 18.7.9 or newer, iOS 26.5 or newer, iPadOS 18.7.9 or newer, iPadOS 26.5 or newer, macOS Sequoia 15.7.7 or newer, macOS Sonoma 14.8.7 or newer, macOS Tahoe 26.5 or newer, tvOS 26.5 or newer, visionOS 26.5 or newer, watchOS 26.5 or newer.
  • Activate automatic system updates so that future security patches are installed without manual intervention.
  • Monitor Apple support advisories for any further updates or guidance and apply them promptly.

Generated by OpenCVE AI on May 12, 2026 at 23:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 23:45:00 +0000

Type Values Removed Values Added
Title Apple OS Application Crash due to Race Condition Memory Corruption

Tue, 12 May 2026 22:45:00 +0000

Type Values Removed Values Added
Title Memory Corruption Vulnerability Causing Unexpected Application Termination
Weaknesses CWE-122

Tue, 12 May 2026 18:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362
Metrics cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 12 May 2026 00:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios And Ipados
Apple macos
Apple tvos
Apple visionos
Apple watchos
Vendors & Products Apple
Apple ios And Ipados
Apple macos
Apple tvos
Apple visionos
Apple watchos

Mon, 11 May 2026 23:45:00 +0000

Type Values Removed Values Added
Title Memory Corruption Vulnerability Causing Unexpected Application Termination
Weaknesses CWE-122

Mon, 11 May 2026 20:45:00 +0000

Type Values Removed Values Added
Description A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An attacker may be able to cause unexpected app termination.
References

Subscriptions

Apple Ios And Ipados Macos Tvos Visionos Watchos
cve-icon MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-05-12T17:48:22.534Z

Reserved: 2026-03-03T16:36:03.995Z

Link: CVE-2026-28992

cve-icon Vulnrichment

Updated: 2026-05-12T17:48:14.773Z

cve-icon NVD

Status : Undergoing Analysis

Published: 2026-05-11T21:18:59.117

Modified: 2026-05-12T18:16:49.983

Link: CVE-2026-28992

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T23:30:26Z

Weaknesses