CVE-2026-28918
Out-of-Bounds Access in iOS and macOS via Malicious File Parsing
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | ios | 26.5 |
| apple | ipad_os | 26.5 |
| apple | macos_tahoe | 26.5 |
| apple | tv_os | 26.5 |
| apple | vision_os | 26.5 |
| apple | watch_os | 26.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an out-of-bounds access issue that occurs when parsing a maliciously crafted file. It happens because of insufficient bounds checking, which means the software reads data outside the intended memory area.
This issue has been fixed in several Apple operating systems including iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
If exploited, it may cause an unexpected app termination.
How can this vulnerability impact me? :
The primary impact of this vulnerability is that parsing a maliciously crafted file can cause an app to terminate unexpectedly.
This could lead to denial of service for the affected application, potentially disrupting normal use.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update your Apple devices to the fixed versions: iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, or watchOS 26.5.