A buffer overflow was addressed with improved bounds checking.
macOSApple
MacOS Sonoma 14.8.7
Released May 11, 2026
APFS
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2026-28959: Dave G.
AppleJPEG
Available for: macOS Sonoma
Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory
Description: A memory corruption issue was addressed with improved input validation.
CVE-2026-28956: impost0r (ret2plt)
Audio
Available for: macOS Sonoma
Impact: Processing an audio stream in a maliciously crafted media file may terminate the process
Description: The issue was addressed with improved memory handling.
CVE-2026-39869: David Ige of Beryllium Security
CoreMedia
Available for: macOS Sonoma
Impact: An app may be able to access private information
Description: This issue was addressed through improved state management.
CVE-2026-28922: Arni Hardarson
CoreServices
Available for: macOS Sonoma
Impact: Processing a maliciously crafted file may lead to unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2026-28936: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs
CUPS
Available for: macOS Sonoma
Impact: An app may be able to gain root privileges
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2026-28915: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs
FileProvider
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A race condition was addressed with additional validation.
CVE-2026-43659: Alex Radocea
GPU Drivers
Available for: macOS Sonoma
Impact: A malicious app may be able to break out of its sandbox
Description: A logging issue was addressed with improved data redaction.
CVE-2026-28923: Kun Peeks (@SwayZGl1tZyyy)
HFS
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination or write kernel memory
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2026-28925: Dave G., Aswin Kumar Gokula Kannan
Icons
Available for: macOS Sonoma
Impact: An app may be able to break out of its sandbox
Description: An access issue was addressed with additional sandbox restrictions.
CVE-2025-43524: Csaba Fitzl (@theevilbit) of Iru
ImageIO
Available for: macOS Sonoma
Impact: Processing a maliciously crafted file may lead to unexpected app termination
Description: The issue was addressed with improved bounds checks.
CVE-2026-28977: Suresh Sundaram
ImageIO
Available for: macOS Sonoma
Impact: Processing a maliciously crafted image may corrupt process memory
Description: The issue was addressed with improved memory handling.
CVE-2026-28990: Jiri Ha, Arni Hardarson
Installer
Available for: macOS Sonoma
Impact: A malicious app may be able to break out of its sandbox
Description: A permissions issue was addressed with additional restrictions.
CVE-2026-28978: wdszzml and Atuin Automated Vulnerability Discovery Engine
IOHIDFamily
Available for: macOS Sonoma
Impact: An attacker may be able to cause unexpected app termination
Description: A memory corruption vulnerability was addressed with improved locking.
CVE-2026-28992: Johnny Franks (@zeroxjf)
IOHIDFamily
Available for: macOS Sonoma
Impact: An app may be able to determine kernel memory layout
Description: A logging issue was addressed with improved data redaction.
CVE-2026-28943: Google Threat Analysis Group
IOKit
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination
Description: A use after free issue was addressed with improved memory management.
CVE-2026-28969: Mihalis Haatainen, Ari Hawking, Ashish Kunwar
Kernel
Available for: macOS Sonoma
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2026-43654: Vaagn Vardanian, Nathaniel Oh (@calysteon)
Kernel
Available for: macOS Sonoma
Impact: A maliciously crafted disk image may bypass Gatekeeper checks
Description: A file quarantine bypass was addressed with additional checks.
CVE-2026-28954: Yiğit Can YILMAZ (@yilmazcanyigit)
Kernel
Available for: macOS Sonoma
Impact: A local user may be able to cause unexpected system termination or read kernel memory
Description: A buffer overflow was addressed with improved input validation.
CVE-2026-28897: Robert Tran, popku1337, Billy Jheng Bing Jhong and Pan Zhenpeng (@Peterpan0927) of STAR Labs SG Pte. Ltd., Aswin kumar Gokulakannan
Kernel
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination
Description: An integer overflow was addressed with improved input validation.
CVE-2026-28952: Calif.io in collaboration with Claude and Anthropic Research
Kernel
Available for: macOS Sonoma
Impact: An app may be able to modify protected parts of the file system
Description: A denial of service issue was addressed by removing the vulnerable code.
CVE-2026-28908: beist
Kernel
Available for: macOS Sonoma
Impact: An app may be able to gain root privileges
Description: An authorization issue was addressed with improved state management.
CVE-2026-28951: Csaba Fitzl (@theevilbit) of Iru
Kernel
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination or write kernel memory
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2026-28972: Billy Jheng Bing Jhong and Pan Zhenpeng (@Peterpan0927) of STAR Labs SG Pte. Ltd., Ryan Hileman via Xint Code (xint.io)
Kernel
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination
Description: A race condition was addressed with additional validation.
CVE-2026-28986: Tristan Madani (@TristanInSec) from Talence Security, Ryan Hileman via Xint Code (xint.io), Chris Betz
Kernel
Available for: macOS Sonoma
Impact: An app may be able to leak sensitive kernel state
Description: A logging issue was addressed with improved data redaction.
CVE-2026-28987: Dhiyanesh Selvaraj (@redroot97)
Mail Drafts
Available for: macOS Sonoma
Impact: Replying to an email could display remote images in Mail in Lockdown Mode
Description: A logic issue was addressed with improved checks.
CVE-2026-28929: Yiğit Can YILMAZ (@yilmazcanyigit)
mDNSResponder
Available for: macOS Sonoma
Impact: An attacker on the local network may be able to cause a denial-of-service
Description: The issue was addressed with improved memory handling.
CVE-2026-43653: Atul R V
mDNSResponder
Available for: macOS Sonoma
Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory
Description: A use after free issue was addressed with improved memory management.
CVE-2026-43668: Anton Pakhunov, Ricardo Prado
mDNSResponder
Available for: macOS Sonoma
Impact: An attacker on the local network may be able to cause a denial-of-service
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2026-43666: Ian van der Wurff (ian.nl)
Networking
Available for: macOS Sonoma
Impact: An attacker may be able to track users through their IP address
Description: This issue was addressed through improved state management.
CVE-2026-28906: Ilya Sc. Jowell A.
PackageKit
Available for: macOS Sonoma
Impact: An app may be able to gain root privileges
Description: A permissions issue was addressed with additional restrictions.
CVE-2026-28840: Morris Richman (@morrisinlife), Andrei Dodu
Quick Look
Available for: macOS Sonoma
Impact: Parsing a maliciously crafted file may lead to an unexpected app termination
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2026-43656: Peter Malone
SceneKit
Available for: macOS Sonoma
Impact: Processing a maliciously crafted image may corrupt process memory
Description: The issue was addressed with improved memory handling.
CVE-2026-39870: Peter Malone
SceneKit
Available for: macOS Sonoma
Impact: A remote attacker may be able to cause unexpected app termination
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2026-28846: Peter Malone
Shortcuts
Available for: macOS Sonoma
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by adding an additional prompt for user consent.
CVE-2026-28993: Doron Assness
Storage
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A race condition was addressed with additional validation.
CVE-2026-28996: Alex Radocea
StorageKit
Available for: macOS Sonoma
Impact: An app may be able to gain root privileges
Description: A consistency issue was addressed with improved state handling.
CVE-2026-28919: Amy (amys.website)
Sync Services
Available for: macOS Sonoma
Impact: An app may be able to access Contacts without user consent
Description: A race condition was addressed with improved handling of symbolic links.
CVE-2026-28924: YingQi Shi (@Mas0nShi) of DBAppSecurity's WeBin lab, Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs
TV App
Available for: macOS Sonoma
Impact: An app may be able to observe unprotected user data
Description: A path handling issue was addressed with improved logic.
CVE-2026-39871: an anonymous researcher
Wi-Fi
Available for: macOS Sonoma
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2026-28819: Wang Yu
Wi-Fi
Available for: macOS Sonoma
Impact: An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Wi-Fi packets
Description: A use after free issue was addressed with improved memory management.
CVE-2026-28994: Alex Radocea
zlib
Available for: macOS Sonoma
Impact: Visiting a maliciously crafted website may leak sensitive data
Description: An information leakage was addressed with additional validation.
CVE-2026-28920: Brendon Tiszka of Google Project Zero
