Security Vulnerability Report
CVE-2026-28964 CVSS 7.5 HIGH

Published: 2026-05-11 21:18:57
Last Modified: 2026-05-12 18:46:23

Description

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to access sensitive user data.

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:* - VULNERABLE
iOS < 26.5
iPadOS < 26.5
visionOS < 26.5

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
swift
// Conceptual PoC for CVE-2026-28964
// This code demonstrates how a malicious app might check for the vulnerability
// and attempt to access data exploiting inconsistent UI state.
import UIKit

class VulnerabilityCheck {
    func checkExploit() {
        // 1. Check OS Version to confirm vulnerability existence
        let systemVersion = ProcessInfo.processInfo.operatingSystemVersion
        let isVulnerable = (systemVersion.majorVersion == 26 && systemVersion.minorVersion < 5)
            || (systemVersion.majorVersion < 26)

        if isVulnerable {
            print("[!] Device is potentially vulnerable to CVE-2026-28964.")

            // 2. Simulate triggering the UI state inconsistency
            // In a real scenario, this involves rapid state changes or specific UI transitions
            self.triggerInconsistentState()

            // 3. Attempt to access sensitive data
            self.accessSensitiveData()
        } else {
            print("[+] Device is patched (iOS/iPadOS/visionOS 26.5+).")
        }
    }

    private func triggerInconsistentState() {
        // Simulate a UI transition where state management fails
        print("[*] Triggering UI state inconsistency...")
        // This would involve specific API calls that confuse the UI lock state
    }

    private func accessSensitiveData() {
        // Hypothetical access to sensitive data bypassing UI prompts
        print("[*] Attempting to access sensitive data...")
        // Simulated data access
        let sensitiveInfo = "User_Private_Data"
        print("[+] Successfully leaked data: \(sensitiveInfo)")
    }
}

// Usage
let check = VulnerabilityCheck()
check.checkExploit()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-28964", "sourceIdentifier": "[email protected]", "published": "2026-05-11T21:18:57.387", "lastModified": "2026-05-12T18:46:22.673", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to access sensitive user data."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-451"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.5", "matchCriteriaId": "9D9FC2C4-7A7C-4330-A226-255428A5D18E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.5", "matchCriteriaId": "0A70A5FD-8891-4C4E-9D35-F217F95027B5"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.5", "matchCriteriaId": "C8F45D80-0DF8-444E-9AF1-703A1075F046"}]}]}], "references": [{"url": "https://support.apple.com/en-us/127110", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/127120", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}]}}