Local Privilege Escalation Vulnerability in Apple Keychain Products
CVE-2026-28864

3.3LOW

Key Information:

Vendor: Apple
Status: iOS And iPad OS; Mac OS; Visionos; Watch OS
Vendor: CVE Published:; 25 March 2026

What is CVE-2026-28864?

A security vulnerability has been identified that allows a local attacker to manipulate permissions, potentially enabling unauthorized access to the user's Keychain items. This issue has been mitigated through enhanced permissions checks in the latest versions of affected Apple products. Users are advised to update to the latest versions to protect their sensitive data from unauthorized access.

Affected Version(s)

iOS and iPadOS 0 < 18.7.7

iOS and iPadOS 0 < 26.4

macOS 0 < 14.8.5

References

https://support.apple.com/en-us/126792

https://support.apple.com/en-us/126793

https://support.apple.com/en-us/126794

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 25, 2026
Vulnerability Reserved
Mar 3, 2026

CVE-2026-28864 Data

JSON