Skip to main content

Apple iOS, macOS, tvOS, watchOS CVE-2026-28994

| EUVDEUVD-2026-29287 MEDIUM
Use After Free (CWE-416)
2026-05-11 apple GHSA-w3jp-cxwr-6jwc
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 12, 2026 - 18:26 vuln.today
CVSS changed
May 12, 2026 - 18:22 NVD
5.3 (MEDIUM)
Patch available
May 11, 2026 - 22:18 EUVD
CVE Published
May 11, 2026 - 20:08 nvd
UNKNOWN (no severity yet)
CVE Published
May 11, 2026 - 20:08 nvd
MEDIUM 5.3

DescriptionCVE.org

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Wi-Fi packets.

AnalysisAI

A use-after-free vulnerability in Apple's Wi-Fi stack allows attackers in a privileged network position to cause denial-of-service via crafted Wi-Fi packets. The vulnerability affects iOS and iPadOS versions prior to 26.5 and 18.7.9, macOS versions prior to 26.5, 15.7.7, and 14.8.7, and tvOS, watchOS versions prior to 26.5. Exploitation requires adjacent network access and specific radio conditions (AC:H) but results in high availability impact with no active public exploitation identified.

Technical ContextAI

The vulnerability is a use-after-free (CWE-416) memory corruption flaw in Apple's Wi-Fi packet handling subsystem. The flaw occurs when the Wi-Fi stack processes specially crafted Wi-Fi frames, leading to a freed memory region being subsequently accessed during packet processing. This is a classic memory safety issue where improper lifecycle management of Wi-Fi frame buffers or associated data structures allows an attacker to trigger undefined behavior. The attack vector is adjacent network (AV:A), meaning the attacker must be on the same Wi-Fi network or capable of injecting frames into the wireless medium - a privileged network position that requires proximity and often specialized equipment.

RemediationAI

Vendor-released patches are available: update iOS and iPadOS to version 26.5 or 18.7.9 or later, macOS to version 26.5 (Tahoe), 15.7.7 (Sequoia), or 14.8.7 (Sonoma) or later, tvOS to 26.5 or later, and watchOS to 26.5 or later. These updates address the memory management flaw in the Wi-Fi stack. If immediate patching is not feasible, mitigating controls include restricting physical proximity to corporate Wi-Fi networks (use enterprise SSID with strong authentication), disabling Wi-Fi on devices not requiring it, and implementing network segmentation to isolate critical systems. Note that workarounds are limited due to the network-adjacent requirement - the most practical control is ensuring only trusted networks are accessible. Refer to Apple's advisories at the links above for version-specific patch details and deployment guidance.

Share

CVE-2026-28994 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy