CVE-2026-39870
Memory Corruption in macOS Image Processing
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: Apple Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| apple | macos_sequoia | to 15.7.7 (inc) |
| apple | macos_sonoma | to 14.8.7 (inc) |
| apple | macos_tahoe | to 26.5 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves improper memory handling when processing a maliciously crafted image on certain macOS versions. Specifically, it can cause corruption of process memory.
The issue has been addressed and fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, and macOS Tahoe 26.5 by improving memory handling.
How can this vulnerability impact me? :
Processing a maliciously crafted image could corrupt process memory, which may lead to application crashes, unexpected behavior, or potentially allow an attacker to execute arbitrary code or escalate privileges.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, and macOS Tahoe 26.5. To mitigate this vulnerability, you should update your system to one of these versions or later.