Out-of-Bounds Write Vulnerability in Apple iOS and macOS Products
CVE-2026-28819
5.4 MEDIUM
What is CVE-2026-28819?
An out-of-bounds write vulnerability exists in the handling of memory regions, which allows an application to potentially execute arbitrary code with kernel privileges. This issue could lead to unauthorized access or manipulation of system files, impacting the integrity and confidentiality of the device. Apple has released updates that address this issue with improved bounds checking in iOS 18.7.9, iPadOS 18.7.9, and various versions of macOS.
Affected Version(s)
iOS and iPadOS 0 < 18.7.9
macOS 0 < 14.8.7
macOS 0 < 15.7.7
EPSS Score
7% chance of being exploited in the next 30 days.
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved