CVE-2026-28971
Improved UI Handling in Apple iOS 26.5
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: Apple Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | ios | 26.5 |
| apple | ipad_os | 26.5 |
| apple | macos_tahoe | 26.5 |
| apple | visionos | 26.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves a malicious iframe that can exploit another website's download settings due to improper UI handling.
The issue was addressed by improving UI handling in Apple operating systems including iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, and visionOS 26.5.
How can this vulnerability impact me?
A malicious iframe exploiting this vulnerability could manipulate download settings from another website, potentially leading to unauthorized or unintended downloads.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update your Apple devices to the fixed versions: iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, or visionOS 26.5.
These updates include improved UI handling that addresses the issue where a malicious iframe may use another website's download settings.