PatchSiren

CVE-2026-28857 Apple CVE debrief

CVE-2026-28857 is a vulnerability in Apple Safari and other products that could lead to an unexpected process crash when processing maliciously crafted web content. The issue was addressed with improved memory handling. This vulnerability affects multiple Apple products, including Safari, iOS, iPadOS, macOS, and visionOS. The CVSS score for this vulnerability is 6.5, indicating a medium severity level. The vulnerability was published on March 25, 2026, and modified on June 30, 2026.

Vendor: Apple
Product: Safari
CVSS: MEDIUM 6.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-25
Original CVE updated: 2026-06-30
Advisory published: 2026-03-25
Advisory updated: 2026-06-30

Who should care

Organizations and individuals using Apple Safari, iOS, iPadOS, macOS, and visionOS should be aware of this vulnerability and take the necessary steps to update their systems. The vulnerability is triggered when an affected product processes maliciously crafted web content, leading to an unexpected process crash. Users of these products should prioritize patching to prevent potential disruptions.

Technical summary

CVE-2026-28857 is a vulnerability in Apple products that could lead to an unexpected process crash when processing maliciously crafted web content. The issue is caused by improper memory handling. Affected products include Safari 26.4, iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, and visionOS 26.4. The vulnerability has a CVSS score of 6.5 and a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The weaknesses associated with this vulnerability are CWE-125 (out-of-bounds read), CWE-416 (use after free), and CWE-787 (out-of-bounds write).

Defensive priority

Patching is recommended as the primary defensive measure. Organizations should prioritize updating Apple Safari, iOS, iPadOS, macOS, and visionOS to the latest versions to prevent potential disruptions.

Recommended defensive actions

  • Update Apple Safari to version 26.4 or later.
  • Update iOS to version 26.4 or later.
  • Update iPadOS to version 26.4 or later.
  • Update macOS to version 26.4 or later.
  • Update visionOS to version 26.4 or later.

Evidence notes

The CVE record and NVD detail provide information on the vulnerability, including its description, CVSS score, and affected products. Vendor advisories from Apple and source references from Red Hat are also available.

This article was generated with AI assistance based on the supplied source corpus.