PatchSiren cyber security CVE debrief
CVE-2026-28942 Apple CVE debrief
CVE-2026-28942 is a use-after-free issue addressed by Apple in various products, including Safari, iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The vulnerability was publicly disclosed on May 11, 2026, and the CVE record was last modified on June 30, 2026. The issue was fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5. The CVSS score for this vulnerability is 6.5, indicating a medium severity level. The vulnerability is related to CWE-416.
- Vendor: Apple
- Product: Safari
- CVSS: MEDIUM 6.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-11
- Original CVE updated: 2026-06-30
- Advisory published: 2026-05-11
- Advisory updated: 2026-06-30
Who should care
This vulnerability affects users of Apple products, including Safari, iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. Users who have not updated to the latest versions of these products may be vulnerable to exploitation. It is recommended that users update to the latest versions to mitigate this vulnerability.
Technical summary
The vulnerability is a use-after-free issue, which occurs when a program attempts to access memory that has already been freed. This can lead to unexpected behavior, including crashes and potentially malicious code execution. The issue was addressed with improved memory management in the affected products. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H, indicating that the vulnerability can be exploited over the network with low attack complexity and no privileges required, but that it needs user interaction. The scored impact in this vector is on availability only (A:H), with no confidentiality or integrity impact (C:N, I:N) and unchanged scope.
Defensive priority
Medium priority should be given to patching this vulnerability, as it has a medium severity level and can be exploited over the network. Users should update to the latest versions of the affected products as soon as possible to mitigate this vulnerability.
Recommended defensive actions
- Update Safari to version 26.5 or later
- Update iOS to version 26.5 or later
- Update iPadOS to version 26.5 or later
- Update macOS Tahoe to version 26.5 or later
- Update tvOS to version 26.5 or later
- Update visionOS to version 26.5 or later
- Update watchOS to version 26.5 or later
Evidence notes
The CVE record for this vulnerability was publicly disclosed on May 11, 2026, and was last modified on June 30, 2026. The vulnerability was addressed by Apple in various products, including Safari, iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The CVSS score for this vulnerability is 6.5, indicating a medium severity level.
Official resources
- CVE-2026-28942 CVE record (CVE.org)
- CVE-2026-28942 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: Release Notes, Vendor Advisory
- Source reference: 0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article was generated with AI assistance based on the supplied source corpus.