PatchSiren cyber security CVE debrief
CVE-2026-28847 Apple CVE debrief
Apple addressed CVE-2026-28847 with improved memory handling. According to the supplied NVD record and Apple advisories, processing maliciously crafted web content could cause an unexpected process crash. The issue is rated Medium severity in the source corpus and affects multiple Apple platforms on versions prior to the listed fixed releases.
- Vendor: Apple
- Product: Safari
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-11
- Original CVE updated: 2026-05-14
- Advisory published: 2026-05-11
- Advisory updated: 2026-05-14
Who should care
Organizations and individuals running Apple devices on the affected versions should care, especially fleet administrators managing Safari, iPhone/iPad, Mac, Apple TV, Vision Pro, and Apple Watch deployments. Users who regularly browse untrusted web content should prioritize updating, because the trigger involves web content processing and does not require privileges.
Technical summary
The source corpus describes a memory-handling flaw in Apple software that can be triggered by maliciously crafted web content, resulting in an unexpected process crash. NVD maps the issue to CVSS 3.1 vector AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H and CWE-119. The affected CPE ranges in the corpus indicate impact across iOS/iPadOS, macOS, tvOS, visionOS, and watchOS versions prior to the fixed releases, with Safari 26.5 and the listed OS updates resolving the issue.
Defensive priority
Medium. The vulnerability appears to be denial-of-service only, but it is remotely reachable through web content and requires no privileges, so exposure is broad and patching should be prioritized for internet-facing user devices and managed fleets.
Recommended defensive actions
- Update to Safari 26.5 and the fixed Apple OS releases listed in the advisory references: iOS 18.7.9, iPadOS 18.7.9, iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5.
- Prioritize deployment on devices that browse external or untrusted web content.
- Inventory Apple devices to confirm none remain on vulnerable versions covered by the NVD CPE ranges.
- Use normal staged rollout and validation procedures for fleet updates, then verify patch compliance after deployment.
- Monitor for unexpected browser or web-content process crashes on unpatched systems until updates are complete.
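The inventory and patch-compliance steps above can be scripted. The following is an added example, not PatchSiren's or Apple's code: it compares reported OS/Safari versions against the fixed releases listed in this debrief. It assumes that iOS/iPadOS have two patched branches (18.7.x fixed at 18.7.9, 26.x fixed at 26.5), that any version below the fix on its branch is vulnerable, and that versions on a branch without its own fix must reach 26.5; the inventory rows are constructed sample data.

```python
from typing import List, Tuple

# Minimum fixed release per platform, from the advisory's fixed-release list.
# Each entry is (branch major version, fixed version tuple); the two-branch
# layout for iOS/iPadOS is an assumption drawn from the listed 18.7.9 and 26.5 fixes.
FIXED_RELEASES = {
    "safari":   [(26, (26, 5))],
    "ios":      [(18, (18, 7, 9)), (26, (26, 5))],
    "ipados":   [(18, (18, 7, 9)), (26, (26, 5))],
    "macos":    [(26, (26, 5))],
    "tvos":     [(26, (26, 5))],
    "visionos": [(26, (26, 5))],
    "watchos":  [(26, (26, 5))],
}

def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '18.7.9' into (18, 7, 9); tuple comparison then orders versions numerically."""
    return tuple(int(part) for part in text.strip().split("."))

def is_vulnerable(platform: str, version: str) -> bool:
    """True if `version` is below the fixed release for its branch.

    A device on a branch with its own fix (e.g. iOS 18.7.9) is safe once at or
    above that fix; any other version is measured against the newest fixed
    release (26.5). Unknown platforms raise KeyError rather than pass silently.
    """
    branches = FIXED_RELEASES[platform.lower()]
    v = parse_version(version)
    for major, fixed in branches:
        if v[0] == major:
            return v < fixed
    # No dedicated fix on this branch: must be at or above the newest fixed release
    return v < max(fixed for _, fixed in branches)

def vulnerable_devices(inventory: List[Tuple[str, str, str]]) -> List[str]:
    """Return device IDs from (device_id, platform, version) rows that still need the update."""
    return [dev for dev, plat, ver in inventory if is_vulnerable(plat, ver)]

# Constructed sample inventory (not real fleet data)
SAMPLE_INVENTORY = [
    ("mac-01", "macOS", "26.4.1"),
    ("mac-02", "macOS", "26.5"),
    ("iphone-01", "iOS", "18.7.8"),
    ("iphone-02", "iOS", "18.7.9"),
    ("ipad-01", "iPadOS", "26.5.1"),
    ("watch-01", "watchOS", "26.3"),
]

if __name__ == "__main__":
    for dev in vulnerable_devices(SAMPLE_INVENTORY):
        print(f"{dev}: update required for CVE-2026-28847")
```

Feed it the platform and version strings your MDM exports and treat any device it returns as out of compliance until it reports a fixed release.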
Evidence notes
All statements are derived from the supplied CVE record, NVD metadata, and Apple advisory links referenced by NVD. The corpus states only that improved memory handling fixed the issue and that maliciously crafted web content may cause an unexpected process crash. No exploit details, proof-of-concept, attacker campaign, or confirmed exploitation are present in the supplied source material. The corpus also shows no KEV entry and no ransomware-campaign attribution.
Official resources
- CVE-2026-28847 CVE record (CVE.org)
- CVE-2026-28847 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor references: seven Apple Release Notes / Vendor Advisory entries cited by NVD (link targets are not preserved in the stored corpus)
Apple disclosed the issue through security advisory/release-notes references cited by NVD on the CVE published date in the supplied corpus (2026-05-11). The NVD record was last modified on 2026-05-14 in the supplied timeline.