Feed›Vulnerability›Multiple Vulnerabilities in Apple Products Could Allow for A...

VulnerabilityCIS Advisories

7.8 — HIGH

Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution

📅 12 May 2026 at 18:13 UTC📰 CIS AdvisoriesView original source ↗

Multiple vulnerabilities have been discovered in Apple products, the most severe of which could allow for arbitrary code execution. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

Multiple vulnerabilities have been discovered in Apple products, allowing for arbitrary code execution and potentially leading to unauthorized access to sensitive user data. The most severe vulnerability could allow an attacker to execute arbitrary code with kernel privileges.

⚙️Technical Details

CVEs

CVE-2026-28819CVE-2026-28951CVE-2026-28919CVE-2026-28976

Affected Systems

iOS 18.7.9 and iPadOS 18.7.9macOS Sequoia 15.7.7macOS Sonoma 14.8.7macOS Tahoe 26.5

Attack Vectors

NETWORKLOCAL

💥Impact Assessment

Severity: CRITICAL

Who Is at Risk

Users of affected Apple products, including iOS and macOS users

🛡️Recommended Actions

1Apply the latest security patches to all affected devices as soon as possible

2Use a reputable antivirus software to detect and remove any malicious apps or files

3Enable two-factor authentication for all accounts, including email and social media

📦Affected Products

Apple IpadosApple Iphone OsApple Macos

🔐NVD Verified DataVERIFIED

CVE-2026-28819 ↗CVSS 5.4 — MEDIUM

Attack Vector

NETWORK

Complexity

LOW

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Weaknesses

CWE-787

CVE-2026-28951 ↗CVSS 7.8 — HIGH

Attack Vector

LOCAL

Complexity

LOW

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses

CWE-863

Affected Products (CPE)

Apple IpadosApple Iphone OsApple Macos

Advisories

📋 https://support.apple.com/en-us/127110 📋 https://support.apple.com/en-us/127111 📋 https://support.apple.com/en-us/127115

CVE-2026-28919 ↗CVSS 7.8 — HIGH

Attack Vector

LOCAL

Complexity

LOW

Vector String

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses

CWE-269

Affected Products (CPE)

Apple Macos

Advisories

📋 https://support.apple.com/en-us/127115 📋 https://support.apple.com/en-us/127116 📋 https://support.apple.com/en-us/127117

CVE-2026-28976 ↗CVSS 7.5 — HIGH

Attack Vector

NETWORK

Complexity

LOW

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses

CWE-269CWE-200

Read the full article

This is a curated summary. The complete article is available at CIS Advisories.

Read on CIS Advisories ↗

← Back to feed