CVE-2026-28987

Description

A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to leak sensitive kernel state.

CVSS Details

CVSS Score

7.5

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* - VULNERABLE

cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* - VULNERABLE

iOS < 18.7.9

iOS < 26.5

iPadOS < 18.7.9

iPadOS < 26.5

macOS Sequoia < 15.7.7

macOS Sonoma < 14.8.7

macOS Tahoe < 26.5

tvOS < 26.5

watchOS < 26.5

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

// PoC for CVE-2026-28987: Sensitive Kernel State Leakage
// This code demonstrates how to trigger the logging issue.

#include <stdio.h>
#include <syslog.h>

int main() {
    openlog("cve_poc", LOG_PID | LOG_CONS, LOG_USER);
    // Trigger the vulnerable logging path
    syslog(LOG_INFO, "Triggering kernel state leak...");
    
    // In a real exploit, the attacker would parse /var/log/system.log
    // for kernel pointers泄露.
    
    closelog();
    return 0;
}

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-28987
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-28987
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-28987/
[4] VulDB https://vuldb.com/cve/CVE-2026-28987
[5] https://support.apple.com/en-us/127110
[6] https://support.apple.com/en-us/127111
[7] https://support.apple.com/en-us/127115
[8] https://support.apple.com/en-us/127116
[9] https://support.apple.com/en-us/127117
[10] https://support.apple.com/en-us/127118
[11] https://support.apple.com/en-us/127119

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-28987", "sourceIdentifier": "[email protected]", "published": "2026-05-11T21:18:58.720", "lastModified": "2026-05-12T17:16:41.177", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to leak sensitive kernel state."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-532"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "versionEndExcluding": "18.7.9", "matchCriteriaId": "F3968B76-E6DE-416D-A0FB-E4833FFAAE0F"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "versionStartIncluding": "26.0", "versionEndExcluding": "26.5", "matchCriteriaId": "20644D7E-2AB6-48CA-AED4-C474A9867986"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding": "18.7.9", "matchCriteriaId": "B6431EAF-B395-4C19-9AB6-A2F45991C897"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionStartIncluding": "26.0", "versionEndExcluding": "26.5", "matchCriteriaId": "1BE54A3B-D667-43BA-AB71-BCF8438054E0"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionStartIncluding": "14.0", "versionEndExcluding": "14.8.7", "matchCriteriaId": "DD9E7FAE-30DA-4B2B-A63A-6DFEA7A29933"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionStartIncluding": "15.0", "versionEndExcluding": "15.7.7", "matchCriteriaId": "2984C440-3DC2-413A-B5FA-1FAB21078DB8"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionStartIncluding": "26.0", "versionEndExcluding": "26.5", "matchCriteriaId": "6CB91417-90A8-4A9B-A1D0-1D94B80EF837"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.5", "matchCriteriaId": "176C47FD-FA25-437B-9061-A81CAA367AEF"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "versionEndExcluding": "26.5", "matchCriteriaId": "057B244F-5485-4108-8E23-FE15F5256EE7"}]}]}], "references": [{"url": "https://support.apple.com/en-us/127110", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/127111", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/127115", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/127116", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/127117", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/127118", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/127119", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}]}}