iDevices: Sensitive user data accessed through malicious symlinks

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

iDevices: Sensitive user data accessed through malicious symlinks

CVE-2026-28866

Summary

Some iOS, iPadOS, and macOS devices may be at risk of data breaches if an attacker tricks the system into accessing sensitive information through a symbolic link. Affected users should update to the latest available software to fix this issue.

Original title

This issue was addressed with improved validation of symlinks. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe ...

Original description

https://support.apple.com/en-us/126792
https://support.apple.com/en-us/126793
https://support.apple.com/en-us/126794
https://support.apple.com/en-us/126795
https://support.apple.com/en-us/126796

Published: 25 Mar 2026 · Updated: 25 Mar 2026 · First seen: 25 Mar 2026