Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
CVE-2026-28995: iOS Apps Can Break Out of Their Restricted Areas
CVE-2026-28995
Summary
A security issue in certain Apple operating systems allowed a malicious app to escape its restricted area. This could potentially allow the app to access sensitive information or cause harm. Apple has fixed this issue in multiple versions of its operating systems.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions |
|---|---|---|
| apple | ipados |
< 18.7.9 >= 26.0, < 26.5 cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* |
| apple | iphone_os |
< 18.7.9 >= 26.0, < 26.5 cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* |
| apple | macos |
>= 26.0, < 26.5 cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* |
| apple | tvos |
< 26.5 cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* |
| apple | visionos |
< 26.5 cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* |
| apple | watchos |
< 26.5 cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:* |
Original title
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A ma...
Original description
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A malicious app may be able to break out of its sandbox.
Vulnerability type
CWE-269
Improper Privilege Management
Published: 11 May 2026 · Updated: 18 May 2026 · First seen: 11 May 2026