PatchSiren cyber security CVE debrief
CVE-2026-28953 Apple CVE debrief
Apple has addressed a vulnerability in multiple products, including Safari, iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The issue was addressed with improved memory handling. Processing maliciously crafted web content may lead to an unexpected process crash. This vulnerability has a CVSS score of 7.5 and is considered HIGH severity. The CVE was published on 2026-05-11T21:18:56.367Z and modified on 2026-06-30T03:18:06.290Z.
- Vendor: Apple
- Product: Safari
- CVSS: HIGH 7.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-11
- Original CVE updated: 2026-06-30
- Advisory published: 2026-05-11
- Advisory updated: 2026-06-30
Who should care
Organizations and individuals using Apple products, specifically Safari, iOS, iPadOS, macOS, tvOS, visionOS, and watchOS, should be aware of this vulnerability. The vulnerability could lead to an unexpected process crash when processing maliciously crafted web content. Users of these products should ensure they are running the latest versions to mitigate this risk.
Technical summary
The vulnerability, CVE-2026-28953, is caused by a memory handling issue in Apple's products. Processing maliciously crafted web content can lead to an unexpected process crash. The issue has been addressed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, and watchOS 26.5. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Defensive priority
Updating vulnerable Apple products should be treated as high priority. Users should bring Safari, iOS, iPadOS, macOS, tvOS, visionOS, and watchOS up to the latest versions to mitigate this risk.
Recommended defensive actions
- Update Safari to version 26.5
- Update iOS to version 18.7.9 or 26.5
- Update iPadOS to version 18.7.9 or 26.5
- Update macOS to version 26.5
- Update tvOS to version 26.5
- Update visionOS to version 26.5
- Update watchOS to version 26.5
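The fixed releases above span two iOS/iPadOS branches, so a single "version >= 18.7.9" comparison would wrongly pass a device on 26.0. The following added example (not from Apple or the CVE record) checks an inventory against the versions listed on this page; the hostnames, sample versions, status labels and the assumption that later major releases carry the fix are illustrative.

```python
# Fixed releases copied from this page; a product may have more than one patched branch.
FIXED = {
    "Safari": ["26.5"], "iOS": ["18.7.9", "26.5"], "iPadOS": ["18.7.9", "26.5"],
    "macOS": ["26.5"], "tvOS": ["26.5"], "visionOS": ["26.5"], "watchOS": ["26.5"],
}

def parse(version):
    """'18.7.9' -> (18, 7, 9); short versions are zero-padded so 26.5 == 26.5.0."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def status(product, version):
    """Classify one installed version against the fixed release of its own branch."""
    fixes = FIXED.get(product)
    if fixes is None:
        return "unknown-product"
    try:
        have = parse(version)
    except ValueError:
        return "unparseable"
    branches = {parse(f)[0]: parse(f) for f in fixes}  # major -> first fixed release
    if have[0] in branches:
        return "patched" if have >= branches[have[0]] else "needs-update"
    if have[0] > max(branches):
        return "patched"  # assumption: later major releases carry the fix forward
    return "no-listed-fix"  # this page names no fixed release for that branch

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    ("ipad-kiosk-01", "iPadOS", "18.7.8"),
    ("iphone-exec-02", "iOS", "26.0"),
    ("iphone-lab-03", "iOS", "18.7.9"),
    ("mac-dev-04", "macOS", "26.5.1"),
    ("mac-old-05", "macOS", "15.7"),
]

def triage(inventory):
    """Return {host: status} for (host, product, version) rows."""
    return {host: status(product, version) for host, product, version in inventory}

if __name__ == "__main__":
    for host, result in triage(INVENTORY).items():
        print(f"{host}: {result}")
```

A "no-listed-fix" result means only that this page gives no fixed release for that branch; check the vendor advisory before treating such a host as unaffected.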
Evidence notes
The CVE-2026-28953 record was obtained from the official CVE database and the NVD. The vulnerability affects multiple Apple products, including Safari, iOS, iPadOS, macOS, tvOS, visionOS, and watchOS. The issue has been addressed with improved memory handling.
Official resources
- CVE-2026-28953 CVE record (CVE.org)
- CVE-2026-28953 NVD detail (NVD)
- Source item URL: nvd_modified
- Mitigation or vendor reference: [email protected] - Release Notes, Vendor Advisory
- Source reference
This article was generated with AI assistance based on the supplied source corpus.