PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-28905 Apple CVE debrief

Apple has addressed a vulnerability in multiple products, including Safari, iOS, iPadOS, macOS, tvOS, and visionOS. The issue was addressed with improved memory handling. Processing maliciously crafted web content may lead to an unexpected process crash. This vulnerability has a CVSS score of 7.5 and is considered HIGH severity. The CVE was published on 2026-05-11 and modified on 2026-06-30.

Vendor: Apple
Product: Safari
CVSS: HIGH 7.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-11
Original CVE updated: 2026-06-30
Advisory published: 2026-05-11
Advisory updated: 2026-06-30

Who should care

Organizations and individuals using Apple products, specifically Safari, iOS, iPadOS, macOS, tvOS, and visionOS, should be aware of this vulnerability. The vulnerability could lead to an unexpected process crash when processing maliciously crafted web content. Users of these products should ensure they are running the latest versions to mitigate this risk.

Technical summary

The vulnerability, CVE-2026-28905, is caused by a memory handling issue in Apple products. Processing maliciously crafted web content can lead to an unexpected process crash. The issue was addressed with improved memory handling in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, and visionOS 26.5. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Defensive priority

High priority should be given to updating affected Apple products to the latest versions. Organizations should ensure that their inventory of Apple products is up-to-date and that the necessary patches are applied.

Recommended defensive actions

  • Update Safari to version 26.5
  • Update iOS to version 26.5
  • Update iPadOS to version 26.5
  • Update macOS Tahoe to version 26.5
  • Update tvOS to version 26.5
  • Update visionOS to version 26.5

Evidence notes

The CVE-2026-28905 record was published on 2026-05-11 and modified on 2026-06-30. The vulnerability affects multiple Apple products, including Safari, iOS, iPadOS, macOS, tvOS, and visionOS. The issue was addressed with improved memory handling in the affected products.

Official resources

This article is AI-assisted and based on the supplied source corpus.