CVE-2026-28886
Null Pointer Dereference in Apple OSes Causes Denial-of-Service
Publication date: 2026-03-25
Last updated on: 2026-03-25
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | macos | From 14.0 (inc) to 14.8.5 (exc) |
| apple | macos | From 15.0 (inc) to 15.7.5 (exc) |
| apple | macos | From 26.0 (inc) to 26.4 (exc) |
| apple | ipados | to 18.7.7 (exc) |
| apple | ipados | From 26.0 (inc) to 26.4 (exc) |
| apple | iphone_os | to 18.7.7 (exc) |
| apple | iphone_os | From 26.0 (inc) to 26.4 (exc) |
| apple | tvos | to 26.4 (exc) |
| apple | visionos | to 26.4 (exc) |
| apple | watchos | to 26.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a null pointer dereference issue that was addressed by improving input validation in affected Apple operating systems.
A null pointer dereference occurs when a program attempts to use a pointer that has a null value, which can lead to unexpected behavior or crashes.
In this case, a user in a privileged network position may exploit this vulnerability to cause a denial-of-service condition.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing a user in a privileged network position to cause a denial-of-service (DoS) on affected Apple devices.
A denial-of-service can make the device or service unavailable, potentially disrupting normal operations.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update your Apple devices to the fixed versions of the operating systems as soon as possible.
- iOS 18.7.7 and iPadOS 18.7.7
- iOS 26.4 and iPadOS 26.4
- macOS Sequoia 15.7.5
- macOS Sonoma 14.8.5
- macOS Tahoe 26.4
- tvOS 26.4
- visionOS 26.4
- watchOS 26.4
Applying these updates will address the null pointer dereference vulnerability and prevent potential denial-of-service attacks from privileged network users.