Cyber Resilience

CVE-2026-28924

High

Published: 11 May 2026

Modified
12 May 2026
CVSS v3.1 score: 7.5 (vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS score: 0.0004 (11.3th percentile)
Risk priority: 15 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-28924 is a high-severity race condition (CWE-362) vulnerability in Apple macOS. Its CVSS v3.1 base score is 7.5 (High): network attack vector, low complexity, no privileges or user interaction required, with high confidentiality impact and no integrity or availability impact.

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE ranks at the 11.3th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.


Vulnerability details

A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access Contacts without user consent.

CWE(s): CWE-362 (Race Condition)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assisted mapping)

T1005 Data from Local System (tactic: Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Why these techniques?

Race condition enables unauthorized local contact data access, directly facilitating T1005.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-24103 (same product: Apple macOS)
CVE-2025-24263 (same product: Apple macOS)
CVE-2026-28837 (same product: Apple macOS)
CVE-2024-40858 (same product: Apple macOS)
CVE-2024-40849 (same product: Apple macOS)
CVE-2025-30424 (same product: Apple macOS)
CVE-2025-30444 (same product: Apple macOS)
CVE-2026-28891 (same product: Apple macOS)
CVE-2025-24246 (same product: Apple macOS)
CVE-2026-28817 (same product: Apple macOS)

Affected Assets

Vendor: apple
Product: macos
Affected versions: 14.0 — 14.8.7 · 15.0 — 15.7.7 · 26.0 — 26.5
Each range ends at the release that carries the fix (macOS Sonoma 14.8.7, macOS Sequoia 15.7.7, macOS Tahoe 26.5), so updating to those versions or later addresses the issue.

Mitigating Controls

Likely Mitigating Controls (AI-assisted mapping)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

Addresses CWE-362: Accurate timestamps from internal clocks enable detection of race conditions by providing reliable event ordering in audit logs.

Addresses CWE-362: Coordination of concurrent security activities reduces the probability that shared resources will be accessed simultaneously without proper synchronization.
