CVE-2026-28832
Published: 25 March 2026
Summary
CVE-2026-28832 is a high-severity Out-of-bounds Read (CWE-125) vulnerability in Apple Macos. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 3.4th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the out-of-bounds read vulnerability through timely patching of the macOS kernel flaw as provided in versions 15.7.5, 14.8.5, and 26.4.
Implements memory protection mechanisms including bounds checking to prevent unauthorized out-of-bounds reads that disclose kernel memory by malicious apps.
Enforces validation of information inputs to the kernel, addressing the root cause of the out-of-bounds read exploited by unprivileged local apps.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OOB kernel memory read from unprivileged local app directly enables exploitation for privilege escalation (T1068) to achieve code execution/system impact and for credential access (T1212) via disclosed kernel data.
NVD Description
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to disclose kernel memory.
Deeper analysisAI
CVE-2026-28832 is an out-of-bounds read vulnerability (CWE-125) addressed through improved bounds checking in multiple macOS versions. It affects macOS Sequoia prior to 15.7.5, macOS Sonoma prior to 14.8.5, and macOS Tahoe prior to 26.4. A malicious app can exploit this flaw to disclose kernel memory, with a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
The vulnerability enables local exploitation by an unprivileged attacker with low attack complexity and no user interaction required. Successful exploitation allows the attacker to read out-of-bounds kernel memory, potentially leading to high-impact confidentiality violations, arbitrary code execution, or system disruption due to the elevated integrity and availability impacts indicated by the CVSS metrics.
Apple's security advisories provide mitigation details, confirming the issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, and macOS Tahoe 26.4. Practitioners should review the following references for patch deployment and additional guidance: https://support.apple.com/en-us/126794, https://support.apple.com/en-us/126795, and https://support.apple.com/en-us/126796. Immediate updates are recommended for affected systems.
Details
- CWE(s)