PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-28953 Apple CVE debrief

Apple has addressed a vulnerability in multiple products, including Safari, iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The issue was addressed with improved memory handling. Processing maliciously crafted web content may lead to an unexpected process crash. This vulnerability has a CVSS score of 7.5 and is considered HIGH severity. The CVE was published on 2026-05-11T21:18:56.367Z and modified on 2026-06-30T03:18:06.290Z.

Vendor
Apple
Product
Safari
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-11
Original CVE updated
2026-06-30
Advisory published
2026-05-11
Advisory updated
2026-06-30

Who should care

Organizations and individuals using Apple products, specifically Safari, iOS, iPadOS, macOS, tvOS, visionOS, and watchOS, should be aware of this vulnerability. The vulnerability could lead to an unexpected process crash when processing maliciously crafted web content. Users of these products should ensure they are running the latest versions to mitigate this risk.

Technical summary

The vulnerability, CVE-2026-28953, is caused by a memory handling issue in Apple's products. Processing maliciously crafted web content can lead to an unexpected process crash. The issue has been addressed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Defensive priority

High priority should be given to updating vulnerable Apple products to the latest versions. Users should ensure that their Safari, iOS, iPadOS, macOS, tvOS, visionOS, and watchOS are updated to the latest versions to mitigate this risk.

Recommended defensive actions

  • Update Safari to version 26.5
  • Update iOS to version 18.7.9 or 26.5
  • Update iPadOS to version 18.7.9 or 26.5
  • Update macOS to version 26.5
  • Update tvOS to version 26.5
  • Update visionOS to version 26.5
  • Update watchOS to version 26.5

Evidence notes

The CVE-2026-28953 record was obtained from the official CVE database and the NVD. The vulnerability affects multiple Apple products, including Safari, iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The issue has been addressed with improved memory handling.

Official resources

This article was generated with AI assistance based on the supplied source corpus.