CVE-2026-28992 - Vulnerability Analysis
Medium | CVSS: 4.7 | Last Updated: May 12, 2026
Apple - Denial of Service
Published: May 11, 2026 | Updated: May 12, 2026 | PoC Available
Overview
Apple iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5 contain a memory corruption vulnerability caused by improper locking, which lets attackers cause unexpected app termination. Exploitation requires no special conditions.
Severity & Score
Severity: Medium
CVSS Score: 4.7
Impact
Attackers can cause unexpected application termination, leading to denial of service.
Mitigation
Update to iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5 or later.
References
- https://support.apple.com/en-us/127117
- https://support.apple.com/en-us/127118
- https://support.apple.com/en-us/127119
- https://support.apple.com/en-us/127120
- https://support.apple.com/en-us/127110
- https://support.apple.com/en-us/127111
- https://support.apple.com/en-us/127115
- https://support.apple.com/en-us/127116
Details
- CVE ID: CVE-2026-28992
- Severity: Medium
- CVSS Score: 4.7
- Type: memory_corruption
- Status: unconfirmed
CWE
- CWE-362
CVSS Metrics
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H