Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
5DescriptionCVE.org
This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access user-sensitive data.
AnalysisAI
Local authenticated apps bypass user consent mechanisms to access sensitive user data across iOS 18.7.8 and earlier, iPadOS 18.7.8 and earlier, macOS Sequoia 15.7.6 and earlier, macOS Sonoma 14.8.6 and earlier, macOS Tahoe 26.4 and earlier, and visionOS 26.4 and earlier. The vulnerability allows malicious or compromised applications running with standard user privileges to exfiltrate protected information without triggering the expected permission prompts. Apple has patched this by implementing an additional consent verification layer, though the low EPSS score (0.02%) suggests real-world exploitation remains limited.
Technical ContextAI
This vulnerability resides in Apple's application sandbox and privacy permission model, specifically in the mechanisms governing sensitive data access requests classified under CWE-284 (Improper Access Control). The flaw permits apps with only local system access and standard user privileges to circumvent the inter-process communication (IPC) barriers and privacy prompts that normally gate access to protected user data such as contacts, photos, location, or health information. The iOS, iPadOS, macOS, and visionOS affected products all share a common privacy framework that enforces permission checks before granting access to user-sensitive resources; the vulnerability indicates a gap in this framework's enforcement layer, likely in the code path responsible for validating app entitlements or user consent before data exposure.
RemediationAI
Vendor-released patches are available: iOS and iPadOS 18.7.9 and 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, and visionOS 26.5. Users should apply these updates immediately through Settings > General > Software Update on iOS/iPadOS/visionOS or System Settings > General > Software Update on macOS. No workarounds are available for users on vulnerable versions; mitigation requires patching. As a temporary compensating control, restrict installation of third-party apps from untrusted sources and review installed app permissions in Settings > Privacy & Security (iOS/iPadOS) or System Settings > Privacy & Security (macOS) to disable access to sensitive data categories for apps that do not explicitly require such access. However, this control is imperfect because it relies on user awareness and does not prevent already-installed or system apps from exploiting the vulnerability. Refer to https://nvd.nist.gov/vuln/detail/CVE-2026-28993 for additional vendor guidance.
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-29286
GHSA-vx52-282h-fq3g