PatchSiren cyber security CVE debrief
CVE-2026-28857 Apple CVE debrief
CVE-2026-28857 is a vulnerability in Apple Safari and other products that could lead to an unexpected process crash when processing maliciously crafted web content. The issue was addressed with improved memory handling. This vulnerability affects multiple Apple products, including Safari, iOS, iPadOS, macOS, and visionOS. The CVSS score for this vulnerability is 6.5, indicating a medium severity level. The vulnerability was published on March 25, 2026, and modified on June 30, 2026.
- Vendor: Apple
- Product: Safari
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-03-25
- Original CVE updated: 2026-06-30
- Advisory published: 2026-03-25
- Advisory updated: 2026-06-30
Who should care
Organizations and individuals using Apple Safari, iOS, iPadOS, macOS, and visionOS should be aware of this vulnerability and update their systems. Processing maliciously crafted web content can trigger the issue and cause an unexpected process crash. Users of these products should prioritize patching to prevent potential disruptions.
Technical summary
CVE-2026-28857 is a vulnerability in Apple products that could lead to an unexpected process crash when processing maliciously crafted web content. The issue is caused by improper memory handling. Affected products include Safari 26.4, iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, and visionOS 26.4. The vulnerability has a CVSS score of 6.5 and a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The associated weaknesses are CWE-125 (out-of-bounds read), CWE-416 (use after free), and CWE-787 (out-of-bounds write).
Defensive priority
Patching is recommended as the primary defensive measure. Organizations should prioritize updating Apple Safari, iOS, iPadOS, macOS, and visionOS to the latest versions to prevent potential disruptions.
Recommended defensive actions
- Update Apple Safari to version 26.4 or later.
- Update iOS to version 26.4 or later.
- Update iPadOS to version 26.4 or later.
- Update macOS to version 26.4 or later.
- Update visionOS to version 26.4 or later.
Evidence notes
The CVE record and NVD detail provide information on the vulnerability, including its description, CVSS score, and affected products. Vendor advisories from Apple and source references from Red Hat are also available.
Official resources
- CVE-2026-28857 CVE record (CVE.org)
- CVE-2026-28857 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference: [email protected] - Vendor Advisory
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article was generated with AI assistance based on the supplied source corpus.