CVE-2026-28923
Logging Issue in macOS Leads to Sandbox Escape
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | macos_sequoia | 15.7.7 |
| apple | macos_sonoma | 14.8.7 |
| apple | macos_tahoe | 26.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves a logging issue in certain versions of macOS where data redaction was insufficient. Because of this, a malicious application may be able to break out of its sandbox, potentially gaining unauthorized access beyond its intended restrictions.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow a malicious app to escape its sandbox environment, which is designed to isolate apps and limit their access to system resources and user data. This could lead to unauthorized access to sensitive information or system functions.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update your macOS system to one of the fixed versions: macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, or macOS Tahoe 26.5.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability involves a logging issue that was addressed with improved data redaction, which suggests that sensitive information could have been exposed in logs.
Since improper data redaction in logs can lead to unauthorized access to sensitive data, this could potentially impact compliance with data protection regulations such as GDPR and HIPAA, which require protection of personal and health information.
However, the provided information does not explicitly state the direct impact on compliance with these standards.