Skip to main content

macOS EUVDEUVD-2026-29277

| CVE-2026-28978 HIGH
Improper Access Control (CWE-284)
2026-05-11 apple GHSA-q2h4-qm5p-28rc
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 13, 2026 - 15:53 vuln.today
CVSS changed
May 13, 2026 - 15:52 NVD
8.8 (HIGH)
Patch available
May 11, 2026 - 22:18 EUVD
CVE Published
May 11, 2026 - 20:07 nvd
UNKNOWN (no severity yet)
CVE Published
May 11, 2026 - 20:07 nvd
HIGH 8.8

DescriptionCVE.org

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. A malicious app may be able to break out of its sandbox.

AnalysisAI

Sandbox escape in macOS Sequoia, Sonoma, and Tahoe allows malicious applications with low privileges to break containment and gain elevated system access. Apple fixed this permissions handling flaw in macOS 15.7.7, 14.8.7, and 26.5 after addressing inadequate sandbox restrictions. No active exploitation confirmed (CISA KEV absent), but the CVSS scope change (S:C) indicates complete sandbox bypass with high impact to confidentiality, integrity, and availability. EPSS score of 0.01% suggests low probability of mass exploitation despite the severity, likely due to the requirement for local app installation and low-privilege authenticated access.

Technical ContextAI

This vulnerability affects macOS sandbox enforcement mechanisms that isolate applications from system resources and other apps. The sandbox is macOS's mandatory access control (MAC) framework based on TrustedBSD and MACF policies that restrict app capabilities through entitlements and profiles. CWE-284 (Improper Access Control) indicates the sandbox's permission validation logic was insufficient, allowing apps to bypass intended restrictions. The CVSS Scope Change (S:C) confirms the vulnerability crosses security boundaries from the sandboxed app context to the broader system context. This class of flaw typically involves race conditions in permission checks, insecure IPC mechanisms, or flaws in XPC service authorization that sandbox policies rely upon. Affects all three actively maintained macOS branches: Sequoia (15.x), Sonoma (14.x), and the newer Tahoe (26.x) release.

RemediationAI

Apply vendor-released patches immediately: upgrade macOS Sequoia to version 15.7.7 or later, macOS Sonoma to version 14.8.7 or later, and macOS Tahoe to version 26.5 or later through System Settings > General > Software Update or via Apple's enterprise deployment tools. Full advisory details at https://support.apple.com/en-us/127115, https://support.apple.com/en-us/127116, and https://support.apple.com/en-us/127117. If immediate patching is impossible, implement compensating controls: restrict application installation to IT-approved software only using MDM policies (reduces exposure to malicious apps but impacts user productivity), enable macOS Gatekeeper with 'App Store and identified developers' restriction (limits unsigned app execution but sophisticated malware may have valid signatures), and monitor sandbox violation logs via Console.app for suspicious com.apple.sandbox.policy violations (increases detection workload and only provides post-compromise visibility). These workarounds do not prevent exploitation if malicious apps are already installed, making patching the only complete remediation.

Share

EUVD-2026-29277 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy