Cyber Resilience

CVE-2026-28832

High

Published: 25 March 2026

Published
25 March 2026
Modified
26 March 2026
KEV Added
Patch
CVSS Score v3.1 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0020 9.4th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-28832 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Apple Macos. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 9.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-28832 is an out-of-bounds read vulnerability (CWE-125) addressed through improved bounds checking in multiple macOS versions. It affects macOS Sequoia prior to 15.7.5, macOS Sonoma prior to 14.8.5, and macOS Tahoe prior to 26.4. A malicious app can exploit this flaw to disclose kernel memory, with a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

The vulnerability enables local exploitation by an unprivileged attacker with low attack complexity and no user interaction required. Successful exploitation allows the attacker to read out-of-bounds kernel memory, potentially leading to high-impact confidentiality violations, arbitrary code execution, or system disruption due to the elevated integrity and availability impacts indicated by the CVSS metrics.

Apple's security advisories provide mitigation details, confirming the issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, and macOS Tahoe 26.4. Practitioners should review the following references for patch deployment and additional guidance: https://support.apple.com/en-us/126794, https://support.apple.com/en-us/126795, and https://support.apple.com/en-us/126796. Immediate updates are recommended for affected systems.

EU & UK References

Vulnerability details

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to disclose kernel memory.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1212 Exploitation for Credential Access Credential Access
Adversaries may exploit software vulnerabilities in an attempt to collect credentials.
Why these techniques?

OOB kernel memory read from unprivileged local app directly enables exploitation for privilege escalation (T1068) to achieve code execution/system impact and for credential access (T1212) via disclosed kernel data.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-24196Same product: Apple Macos
CVE-2025-24256Same product: Apple Macos
CVE-2025-24228Same product: Apple Macos
CVE-2025-30458Same product: Apple Macos
CVE-2024-44199Same product: Apple Macos
CVE-2025-24265Same product: Apple Macos
CVE-2026-20620Same product: Apple Macos
CVE-2025-43189Same product: Apple Macos
CVE-2025-24195Same product: Apple Macos
CVE-2026-28925Same product: Apple Macos

Affected Assets

apple
macos
14.0 — 14.8.5 · 15.0 — 15.7.5 · 26.0 — 26.4

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the out-of-bounds read vulnerability through timely patching of the macOS kernel flaw as provided in versions 15.7.5, 14.8.5, and 26.4.

prevent

Implements memory protection mechanisms including bounds checking to prevent unauthorized out-of-bounds reads that disclose kernel memory by malicious apps.

prevent

Enforces validation of information inputs to the kernel, addressing the root cause of the out-of-bounds read exploited by unprivileged local apps.

References