Out-of-Bounds Write Vulnerability in macOS by Apple
CVE-2026-28825

7.1HIGH

Key Information:

Vendor

Apple
Status
Mac OS
Vendor
CVE Published:
25 March 2026

What is CVE-2026-28825?

CVE-2026-28825 is an out-of-bounds write vulnerability present in macOS, developed by Apple. This flaw arises from inadequate bounds checking, which could allow a malicious application to modify protected areas of the file system. Such unauthorized modifications could potentially lead to data corruption, unauthorized access to sensitive information, or even complete system compromise. Given the critical nature of file system integrity, this vulnerability poses a serious threat to organizations relying on macOS for their operations, as it could undermine the security and stability of their systems.

Potential impact of CVE-2026-28825

  1. Data Integrity Risks: The vulnerability could allow malicious applications to alter or delete important files, leading to significant data corruption and potential loss of critical organizational information.

  2. Unauthorized Access: Exploitation of this vulnerability may enable attackers to gain access to restricted areas of the file system, increasing the risk of data breaches and unauthorized data manipulation.

  3. System Compromise: By compromising the file system, attackers could install malicious software or alter system configurations, which could lead to wider security incidents, including further exploitation or network infiltration.

Affected Version(s)

macOS 0 < 14.8.5

macOS 0 < 15.7.5

macOS 0 < 26.4

References

https://support.apple.com/en-us/126794
https://support.apple.com/en-us/126795
https://support.apple.com/en-us/126796

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.