PatchSiren cyber security CVE debrief

CVE-2026-28870 Apple CVE debrief

CVE-2026-28870 is an Apple information-leakage vulnerability that was addressed with additional validation. According to Apple’s advisory text, an app may be able to access sensitive user data. Apple states the issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, and watchOS 26.4. NVD classifies the issue as a local, low-privilege, no-user-interaction confidentiality problem with high confidentiality impact.

Vendor: Apple
Product: CVE-2026-28870
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-25
Original CVE updated: 2026-05-11
Advisory published: 2026-03-25
Advisory updated: 2026-05-11

Who should care

Administrators and security teams managing Apple devices should care, especially where devices handle personal, enterprise, or regulated data. This also matters for app-heavy environments because the issue involves an app potentially accessing sensitive user data.

Technical summary

The CVE is an information disclosure issue in Apple software. The published CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating local access, low privileges, no user interaction, and a primary confidentiality impact. Apple describes the fix as additional validation, and the affected product families in the NVD record include iPhone OS, iPadOS, macOS, tvOS, visionOS, and watchOS with fixed releases ending at 26.4 (and 18.7.9 for the 18.x branches).

Defensive priority

Medium priority. The bug is not listed in CISA KEV in the supplied data, but it can expose sensitive data and affects multiple Apple platforms, so patching should be scheduled promptly for fleets that store or process important information.

Recommended defensive actions

  • Update affected Apple devices to the fixed releases: iOS 18.7.9, iPadOS 18.7.9, iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, and watchOS 26.4.
  • Prioritize devices that handle sensitive personal, corporate, or regulated data.
  • Confirm patch compliance across all Apple device fleets and track any lagging versions below the fixed releases.
  • Review app inventory and limit unnecessary app exposure on managed devices while updates are being rolled out.
  • Monitor Apple vendor advisories and NVD for any changes to scope, versioning, or remediation guidance.
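The patch-compliance and prioritization bullets above are easy to get wrong when a fleet spans two release branches, because an 18.x device is fixed at 18.7.9 while a 26.x device is fixed at 26.4, and a plain "is version >= 26.4" check would flag every patched 18.7.9 iPhone. The added example below (not from the PatchSiren page or from Apple's own tooling) compares each device against the fix for its own branch, treats branches the advisory does not cover as unknown rather than patched, and orders lagging devices by data sensitivity. The CSV inventory and its column names are constructed for the example; the fixed releases are the ones listed in the advisory.

```python
import csv
import io

# Fixed releases from the advisory, keyed by (platform, major version) so each
# release branch is compared against its own fix: 18.x -> 18.7.9, 26.x -> 26.4.
FIXED_RELEASES = {
    ("iOS", 18): (18, 7, 9),
    ("iPadOS", 18): (18, 7, 9),
    ("iOS", 26): (26, 4),
    ("iPadOS", 26): (26, 4),
    ("macOS", 26): (26, 4),
    ("tvOS", 26): (26, 4),
    ("visionOS", 26): (26, 4),
    ("watchOS", 26): (26, 4),
}

# NVD CPE records name the platform "iPhone OS"; inventories usually say "iOS".
PLATFORM_ALIASES = {"iPhone OS": "iOS"}

# Order in which lagging devices should be patched (advisory: regulated and
# corporate data first). Classes not in this table sort last.
DATA_CLASS_PRIORITY = {"regulated": 0, "corporate": 1, "personal": 2}

# Constructed sample inventory (not real devices); the columns are assumptions.
SAMPLE_INVENTORY = """\
device_id,platform,os_version,data_class
mac-001,macOS,26.4,regulated
mac-002,macOS,26.3.1,regulated
iphone-001,iOS,18.7.9,personal
iphone-002,iOS,18.7.2,corporate
iphone-003,iOS,26.4,corporate
ipad-001,iPadOS,26.2,personal
watch-001,watchOS,26.4,personal
tv-001,tvOS,26.1,none
vision-001,visionOS,26.4,corporate
iphone-004,iOS,17.7.10,corporate
iphone-005,iPhone OS,18.7.9,personal
"""


def parse_version(text):
    """'18.7.9' -> (18, 7, 9); tuples compare correctly, so (18, 7) < (18, 7, 9)."""
    return tuple(int(part) for part in text.strip().split("."))


def patch_status(platform, os_version):
    """Return 'patched', 'lagging', or 'unknown' (branch not covered by the advisory or unparsable version)."""
    platform = PLATFORM_ALIASES.get(platform, platform)
    try:
        version = parse_version(os_version)
    except ValueError:
        return "unknown"
    fix = FIXED_RELEASES.get((platform, version[0]))
    if fix is None:
        return "unknown"
    return "patched" if version >= fix else "lagging"


def compliance_report(inventory_csv):
    """Group device ids by patch status; lagging devices are ordered by data sensitivity."""
    report = {"patched": [], "lagging": [], "unknown": []}
    lagging_rows = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = patch_status(row["platform"], row["os_version"])
        if status == "lagging":
            lagging_rows.append(row)
        else:
            report[status].append(row["device_id"])
    # Stable sort keeps inventory order within the same data class.
    lagging_rows.sort(key=lambda r: DATA_CLASS_PRIORITY.get(r["data_class"], 99))
    report["lagging"] = [r["device_id"] for r in lagging_rows]
    return report


if __name__ == "__main__":
    for status, devices in compliance_report(SAMPLE_INVENTORY).items():
        print("%-8s %s" % (status, ", ".join(devices)))
```

The "unknown" bucket is the important caveat: a device on a branch the advisory does not name (the constructed 17.7.10 iPhone here) cannot be called patched just because it fails no check, and should be reviewed against Apple's support lifecycle rather than silently counted as compliant.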

Evidence notes

This debrief is based on the supplied CVE description, the NVD modified record, and Apple support references listed in the source corpus. The published date used here is the CVE publishedAt timestamp of 2026-03-25T01:17:11.003Z; the modified timestamp is 2026-05-11T21:18:51.810Z. No KEV or ransomware-campaign metadata was supplied. The technical characterization follows the provided CVSS vector and NVD summary, and affected/fixed platform families are taken from the supplied description and CPE criteria.

Official resources

Apple publicly disclosed the issue on 2026-03-25. The supplied data does not indicate a CISA Known Exploited Vulnerabilities (KEV) listing, ransomware use, or any claim of active exploitation.