CVE-2026-28922
Improper Access Control in macOS
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | macos_sequoia | to 15.7.7 (inc) |
| apple | macos_sonoma | to 14.8.7 (inc) |
| apple | macos_tahoe | to 26.5 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves an issue with state management in certain versions of macOS (Sequoia, Sonoma, Tahoe). Due to this issue, an application may be able to access private information that it should not have access to.
How can this vulnerability impact me? :
The impact of this vulnerability is that an app could potentially access private information without proper authorization, which could lead to privacy breaches or unauthorized data exposure.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, and macOS Tahoe 26.5.
To mitigate this vulnerability, you should update your macOS system to one of these fixed versions as soon as possible.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability allows an app to potentially access private information due to improper state management.
Such unauthorized access to private information could impact compliance with data protection regulations like GDPR and HIPAA, which require strict controls over personal and sensitive data.
However, specific details on the extent of the impact on compliance or mitigation measures beyond the fix in macOS versions are not provided.