PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-28940 Apple CVE debrief

Apple addressed CVE-2026-28940 with improved memory handling. According to the official description, processing a maliciously crafted image may corrupt process memory. The issue is rated HIGH (7.5) in the supplied NVD data and is mapped to CWE-119, improper restriction of operations within the bounds of a memory buffer. Apple lists fixes across iOS, iPadOS, macOS, tvOS, and visionOS releases.

Vendor
Apple
Product
iOS and iPadOS (fixes also shipped for macOS, tvOS, and visionOS)
CVSS
HIGH, 7.5 (CVSS 3.1)
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-11
Original CVE updated
2026-05-13
Advisory published
2026-05-11
Advisory updated
2026-05-13

Who should care

Organizations and individuals running Apple devices that process untrusted images, especially fleet administrators managing iPhone, iPad, Mac, Apple TV, and Vision Pro devices. Security teams should prioritize systems exposed to email, messaging, web content, document workflows, or any application that renders external images.

Technical summary

The supplied corpus describes a memory-handling weakness in Apple image processing that can lead to process memory corruption when a maliciously crafted image is handled. NVD classifies the issue with CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N and CWE-119. Apple states the issue is fixed in iOS 18.7.9 and 26.5, iPadOS 18.7.9 and 26.5, macOS Sequoia 15.7.7, macOS Tahoe 26.5, tvOS 26.5, and visionOS 26.5.

Defensive priority

High. The supplied NVD vector scores a network-reachable path with no privileges and no user interaction required and high confidentiality impact, which on its own makes this a strong patching priority for internet-connected and user-facing Apple systems. The vector records no integrity or availability impact, but the underlying weakness is memory corruption (CWE-119) in image processing, so do not down-rank it on the assumption that only data disclosure is possible.

Recommended defensive actions

  • Update affected Apple devices to the fixed releases listed in the Apple advisories: iOS 18.7.9 or 26.5, iPadOS 18.7.9 or 26.5, macOS Sequoia 15.7.7 or macOS Tahoe 26.5, tvOS 26.5, and visionOS 26.5.
  • Prioritize devices that regularly process external images, including mail, messaging, browser, productivity, and media workflows.
  • Use standard staged deployment and validation for fleet rollout, but accelerate remediation for exposed endpoints and high-risk user groups.
  • Monitor vendor advisories and internal asset inventories to confirm all supported Apple OS versions are upgraded.
  • Treat image-handling crashes or instability on unpatched devices as potentially security-relevant until the fleet is fully remediated.
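The patch-status check in the actions above is easy to get wrong when a platform has two supported branches (iOS 18.7.x and 26.x) and when versions are compared as strings ("18.7.10" sorts before "18.7.9"). The following is an added example, not code from PatchSiren or Apple, that classifies each device in an MDM inventory export against the fixed releases listed on this page and orders remediation so that vulnerable, image-heavy endpoints come first. The CSV column layout, the role names, the sample devices, and the treatment of a major version newer than any fixed branch as patched are all assumptions made for the example.

```python
import csv
import io

# Fixed releases exactly as listed in the Apple advisory summarised on this page.
# A platform may have more than one supported branch (e.g. iOS 18.7.x and 26.x).
FIXED_RELEASES = {
    "iOS": [(18, 7, 9), (26, 5)],
    "iPadOS": [(18, 7, 9), (26, 5)],
    "macOS": [(15, 7, 7), (26, 5)],
    "tvOS": [(26, 5)],
    "visionOS": [(26, 5)],
}

# Constructed MDM inventory export (not real devices); the column layout is an assumption.
SAMPLE_INVENTORY = """device_id,platform,os_version,role
ipad-0041,iPadOS,18.7.8,mail
mac-0102,macOS,15.7.7,finance
mac-0117,macOS,26.4,web-browsing
iphone-0503,iOS,26.5,messaging
atv-0007,tvOS,26.4,lobby-display
mac-0120,macOS,14.8.1,kiosk
iphone-0510,iOS,18.7.10,messaging
"""

# Roles that routinely render external images are remediated first (assumed role names).
HIGH_EXPOSURE_ROLES = {"mail", "messaging", "web-browsing"}


def parse_version(text):
    """'18.7.9' -> (18, 7, 9). Integer tuples compare correctly; strings do not
    (as strings, '18.7.10' < '18.7.9')."""
    return tuple(int(part) for part in text.strip().split("."))


def _padded(version, width):
    # Right-pad with zeros so (26, 5) and (26, 4, 1) compare component-wise.
    return version + (0,) * (width - len(version))


def assess(platform, os_version):
    """Classify one device against the fixed releases.

    Returns 'patched', 'vulnerable', 'no_fix_listed' (major version older than
    every fixed branch, so the advisory names no fix for it) or 'unknown'
    (platform not covered by the advisory or unparseable version string).
    """
    branches = FIXED_RELEASES.get(platform)
    if branches is None:
        return "unknown"
    try:
        installed = parse_version(os_version)
    except ValueError:
        return "unknown"
    for fixed in branches:
        if installed[0] == fixed[0]:
            width = max(len(installed), len(fixed))
            if _padded(installed, width) >= _padded(fixed, width):
                return "patched"
            return "vulnerable"
    if installed[0] > max(branch[0] for branch in branches):
        return "patched"  # assumption: a later major release carries the fix
    return "no_fix_listed"


def triage(inventory_csv):
    """Return one row per device, vulnerable and high-exposure devices first."""
    rows = []
    for rec in csv.DictReader(io.StringIO(inventory_csv)):
        status = assess(rec["platform"], rec["os_version"])
        exposure = "high" if rec["role"] in HIGH_EXPOSURE_ROLES else "normal"
        rows.append({**rec, "status": status, "exposure": exposure})
    order = {"vulnerable": 0, "no_fix_listed": 1, "unknown": 2, "patched": 3}
    rows.sort(key=lambda r: (order[r["status"]], r["exposure"] != "high", r["device_id"]))
    return rows


if __name__ == "__main__":
    for r in triage(SAMPLE_INVENTORY):
        print(f'{r["device_id"]:<12} {r["platform"]:<9} {r["os_version"]:<8} '
              f'{r["status"]:<14} exposure={r["exposure"]}')
```

Devices reported as no_fix_listed are on a branch for which the advisory names no fixed release; they need an OS upgrade to a supported branch, not a point update, and should be reviewed alongside the vulnerable set rather than ignored.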

Evidence notes

This debrief is based only on the supplied official corpus: the NVD record and Apple support references. The CVE was published on 2026-05-11 and last modified on 2026-05-13, and the supplied timeline fields use those dates. NVD lists the vulnerability status as Analyzed, the CVSS vector as CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N, and weakness CWE-119. No KEV entry or ransomware-campaign flag is present in the supplied enrichment.

Official resources

The supplied official sources are the NVD record for CVE-2026-28940 (published 2026-05-11, last modified 2026-05-13) and the Apple support references for the fixed releases listed above. Neither provides exploitation details beyond the statement that a maliciously crafted image may corrupt process memory.