A null pointer dereference was addressed with improved input validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5. An attacker on the local network may be able to cause a denial-of-service.
References
| Link | Resource |
|---|---|
| https://support.apple.com/en-us/127110 | Release Notes Vendor Advisory |
| https://support.apple.com/en-us/127115 | Release Notes Vendor Advisory |
| https://support.apple.com/en-us/127118 | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
13 May 2026, 14:08
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:* cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* |
|
| References | () https://support.apple.com/en-us/127110 - Release Notes, Vendor Advisory | |
| References | () https://support.apple.com/en-us/127115 - Release Notes, Vendor Advisory | |
| References | () https://support.apple.com/en-us/127118 - Release Notes, Vendor Advisory | |
| First Time |
Apple iphone Os
Apple tvos Apple Apple macos Apple ipados |
12 May 2026, 18:16
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.2 |
| CWE | CWE-476 |
11 May 2026, 21:18
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-05-11 21:18
Updated : 2026-05-13 14:08
NVD link : CVE-2026-28985
Mitre link : CVE-2026-28985
CVE.ORG link : CVE-2026-28985
JSON object : View
Products Affected
apple
- ipados
- tvos
- macos
- iphone_os
CWE
CWE-476
NULL Pointer Dereference