CVE-2026-28979
Received - Intake

Out-of-Bounds Access in Safari Leading to Process Crash

Publication date: 2026-06-29

Last updated on: 2026-06-29

Assigner: Apple Inc.

Description

An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.

Meta Information

Published: 2026-06-29
Last Modified: 2026-06-29
Generated: 2026-06-30
AI Q&A: 2026-06-29
EPSS Evaluated: N/A

Affected Vendors & Products

Showing 6 associated CPEs
Vendor  Product        Version / Range
apple   safari         26.5.2
apple   ios            26.5.2
apple   ipad_os        26.5.2
apple   macos_tahoe    26.5.2
apple   macos_sonoma   26.5.2
apple   macos_sequoia  26.5.2

Exploitability

CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
CWE-787 The product writes data past the end, or before the beginning, of the intended buffer.

AI Quick Actions

Executive Summary

CVE-2026-28979 is a stack overflow vulnerability in the WebRTC component of Safari and related Apple operating systems such as macOS Tahoe, macOS Sonoma, macOS Sequoia, iOS, and iPadOS. This vulnerability occurs when processing maliciously crafted web content, which can trigger an out-of-bounds access leading to a stack overflow.

Apple addressed this issue by improving input validation and bounds checking to prevent the stack overflow from occurring. The fix was included in updates released on June 29, 2026.

Impact Analysis

This vulnerability can cause an unexpected crash of the Safari browser or related processes when maliciously crafted web content is processed. While it does not directly indicate remote code execution or data leakage, the crash can disrupt normal browsing activities and potentially be used as a denial-of-service vector.

Mitigation Strategies

To mitigate this vulnerability, you should update your Apple devices to the fixed versions of the affected software.

  • Update Safari to version 26.5.2.
  • Update iOS and iPadOS to version 26.5.2.
  • Update macOS Tahoe to version 26.5.2.

These updates include improved input validation that prevents the stack overflow vulnerability from being triggered by maliciously crafted web content.
