CVE-2026-28994
Use After Free in Apple iOS and iPadOS
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: Apple Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | ios | 18.7.9 |
| apple | ipados | 18.7.9 |
| apple | macos_sequoia | 15.7.7 |
| apple | macos_sonoma | 14.8.7 |
| apple | macos_tahoe | 26.5 |
| apple | tvos | 26.5 |
| apple | watchos | 26.5 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a use-after-free issue related to memory management in Apple operating systems, including iOS, iPadOS, macOS, tvOS, and watchOS.
It has been addressed and fixed in specific versions such as iOS 18.7.9, iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, and watchOS 26.5.
The vulnerability allows an attacker who is in a privileged network position to potentially perform a denial-of-service attack by sending specially crafted Wi-Fi packets.
How can this vulnerability impact me?
An attacker with privileged network access could exploit this vulnerability to cause a denial-of-service (DoS) condition on affected Apple devices.
This means the device could become unresponsive or crash, disrupting normal operation and potentially causing loss of availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update your Apple devices to the fixed versions: iOS 18.7.9 or 26.5, iPadOS 18.7.9 or 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, and watchOS 26.5.
Since the vulnerability can be exploited by an attacker in a privileged network position using crafted Wi-Fi packets to cause denial-of-service, ensure your network is secure and monitor for suspicious Wi-Fi activity.