PatchSiren cyber security CVE debrief
CVE-2026-28905 Apple CVE debrief
Apple has addressed a vulnerability in multiple products, including Safari, iOS, iPadOS, macOS, tvOS, and visionOS. The issue was addressed with improved memory handling. Processing maliciously crafted web content may lead to an unexpected process crash. This vulnerability has a CVSS score of 7.5 and is considered HIGH severity. The CVE was published on 2026-05-11 and modified on 2026-06-30.
- Vendor
- Apple
- Product
- Safari
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-11
- Original CVE updated
- 2026-06-30
- Advisory published
- 2026-05-11
- Advisory updated
- 2026-06-30
Who should care
Organizations and individuals using Apple products, specifically Safari, iOS, iPadOS, macOS, tvOS, and visionOS, should be aware of this vulnerability. The vulnerability could lead to an unexpected process crash when processing maliciously crafted web content. Users of these products should ensure they are running the latest versions to mitigate this risk.
Technical summary
The vulnerability, CVE-2026-28905, is caused by a memory handling issue in Apple products. Processing maliciously crafted web content can lead to an unexpected process crash. The issue was addressed with improved memory handling in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and visionOS 26.5. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Defensive priority
High priority should be given to updating affected Apple products to the latest versions. Organizations should ensure that their inventory of Apple products is up-to-date and that the necessary patches are applied.
Recommended defensive actions
- Update Safari to version 26.5
- Update iOS to version 26.5
- Update iPadOS to version 26.5
- Update macOS to version 26.5 (Tahoe)
- Update tvOS to version 26.5
- Update visionOS to version 26.5
Evidence notes
The CVE-2026-28905 record was published on 2026-05-11 and modified on 2026-06-30. The vulnerability affects multiple Apple products, including Safari, iOS, iPadOS, macOS, tvOS, and visionOS. The issue was addressed with improved memory handling in the affected products.
Official resources
-
CVE-2026-28905 CVE record
CVE.org
-
CVE-2026-28905 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Release Notes, Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Release Notes, Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Release Notes, Vendor Advisory
-
Mitigation or vendor reference
[email protected] - Release Notes, Vendor Advisory
- Source reference
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.