惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
The Last Watchdog
The Last Watchdog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
T
Troy Hunt's Blog
L
LINUX DO - 最新话题
C
Check Point Blog
T
Threat Research - Cisco Blogs
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
罗磊的独立博客
V
Vulnerabilities – Threatpost
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
J
Java Code Geeks
Apple Machine Learning Research
Apple Machine Learning Research
大猫的无限游戏
大猫的无限游戏
S
Security @ Cisco Blogs
IT之家
IT之家
T
The Exploit Database - CXSecurity.com
The GitHub Blog
The GitHub Blog
D
Docker
Engineering at Meta
Engineering at Meta
AWS News Blog
AWS News Blog
S
Security Affairs
U
Unit 42
P
Palo Alto Networks Blog
V
Visual Studio Blog
Y
Y Combinator Blog
D
DataBreaches.Net
Forbes - Security
Forbes - Security
阮一峰的网络日志
阮一峰的网络日志
美团技术团队
Security Latest
Security Latest
aimingoo的专栏
aimingoo的专栏
Simon Willison's Weblog
Simon Willison's Weblog
A
Arctic Wolf
博客园_首页
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
H
Hacker News: Front Page
博客园 - 司徒正美
博客园 - Franky
宝玉的分享
宝玉的分享
TaoSecurity Blog
TaoSecurity Blog
Latest news
Latest news
Scott Helme
Scott Helme
MongoDB | Blog
MongoDB | Blog
量子位
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
C
Cisco Blogs
P
Privacy International News Feed
Application and Cybersecurity Blog
Application and Cybersecurity Blog

Hacker News

Introducing Claude Opus 4.7 Qwen Studio The Future of Everything is Lies, I Guess: Where Do We Go From Here? GitHub - SeanFDZ/macmind: Single-layer transformer in HyperTalk for the classic Macintosh Show HN: Agent-cache – Multi-tier LLM/tool/session caching for Valkey and Redis Moving a large-scale metrics pipeline from StatsD to OpenTelemetry / Prometheus GitHub - Nightmare-Eclipse/RedSun: The Red Sun vulnerability repository GitHub - SethPyle376/hiraeth: Local AWS emulator focused on fast integration testing, with SQS support, SQLite-backed state, and a debug-friendly web UI. GitHub - macOS26/Agent: Any AI, replaces Claude Code, Cursor, OpenClaw. Over 18 LLM providers (Claude, OpenAI, Gemini, Ollama, Zai, HF, Qwen) wired into a native Mac app that writes code, builds Xcode projects, bumps versions, manages git, automates Safari, use AppleScript, JS or Accessibility, extend Agent! w/ MCP Servers, run tasks from your iPhone via Messages. YouTube now lets you turn off Shorts I Made a Terminal Pager Burgers | マクドナルド公式 Commands — HackerNews CLI documentation ChatGPT for Excel PiCore - Raspberry Pi Port of Tiny Core Linux Live Nation illegally monopolized ticketing market, jury finds Google Broke Its Promise to Me. Now ICE Has My Data. Founding Engineer at Adaptional | Y Combinator CRISPR takes important step toward silencing Down syndrome’s extra chromosome GitHub - saffron-health/libretto: The AI toolkit for building reliable browser automations US v. Heppner (S.D.N.Y. 2026) no attorney-client privilege for AI chats [pdf] Unexpected €54k billing spike in 13 hours: Firebase browser key without API restrictions used for Gemini requests Retrofitting JIT Compilers into C Interpreters IPv6 – Google The Accursèd Alphabetical Clock Cybersecurity Looks Like Proof of Work Now Fragments: April 14 Cal.com Goes Closed Source: Why AI Security Is Forcing Our Decision | Cal.com - Scheduling Software for Online Bookings Laravel raised money and now injects ads directly into your agent When moving fast, talking is the first thing to break Too much Discussion of the XOR swap trick – Heather Cafe Introduction to Spherical Harmonics for Graphics Programmers The Grand Line Building a Z-Machine in the worst possible language High-Level Rust: Getting 80% of the Benefits with 20% of the Pain GitHub - duguyue100/midnight-captain: Inspired by Midnight Commander, tailored to my taste. How to build a `git diff` driver · Jamie Tanna | Software Engineer Center for Responsible, Decentralized Intelligence at Berkeley The Local Universe’s Expansion Rate Is Clearer Than Ever, but Still Doesn’t Add Up - A new synthesis of astronomical measurements confirms a persistent mismatch that could point to physics beyond current models The air throughout our homes is infused with microplastics. But there are things you can do to breathe less of them The disturbing white paper Red Hat is trying to erase from the internet – OSnews The Future of Everything is Lies, I Guess: Annoyances ‘Abhorrent’: the inside story of the Polymarket gamblers betting millions on war Productive procrastination — Max van IJsselmuiden maps, territory and LMs 447 Terabytes per Square Centimetre at Zero Retention Energy: Non-Volatile Memory at the Atomic Scale on Fluorographane Show HN: Pardonned.com – A searchable database of US Pardons 20 Years on AWS and Never Not My Job The Seasons are Wrong Artemis II crew splashes down near San Diego after historic moon mission We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs How a dancer with ALS used brainwaves to perform live On filing the corners off my MacBooks Installing every* Firefox extension OpenClaw’s memory is unreliable, and you don’t know when it will break Steve Blank Nowhere Is Safe Chimpanzees in Uganda locked in vicious 'civil war', say researchers watgo - a WebAssembly Toolkit for Go linux/Documentation/process/coding-assistants.rst at master · torvalds/linux GitHub - callumlocke/json-formatter: Makes JSON easy to read. Founding Product Engineer at Bild AI | Y Combinator A compelling title that is cryptic enough to get you to take action on it GitHub - Keychron/Keychron-Keyboards-Hardware-Design: Industrial design files for Keychron keyboards and mice. 100+ models with CAD assets in STEP, DXF, DWG, and PDF. Source-available, with commercial use allowed for original compatible accessories within the license terms. [ANNOUNCE] WireGuardNT v0.11 and WireGuard for Windows v0.6 Released 1D-Chess Helium Is Hard to Replace Cooperative Vectors Introduction | Evolve Keeping a Postgres queue healthy — PlanetScale Our response to the Axios developer tool compromise Do Americans read print books, e-books or audiobooks more? The Zettelkasten Method in Obsidian: A Practical Setup Guide Artemis II Is Competency Porn and We Are Starving For It WeakC4 Flight Viz — Cockpit View A Mexican surveillance giant you’ve never heard of is now watching the U.S. border Surelock: Deadlock-Free Mutexes for Rust RISC-V 101 – what is it and what does it mean for Canonical? | Ubuntu The Problem That Built an Industry How Much Linear Memory Access Is Enough? | Solidean Investigating Split Locks on x86-64 Simplest hash functions Sybilproof reputation mechanisms (2005) [pdf] What is a property? How Complex is my Code? Static code analysis in Kotlin — tools overview Toffoli gates are all you need PGLite evangelism dcmake: a new CMake debugger UI Clojure on Fennel part one: Persistent Data Structures Fragments: April 2 Python Release Python install manager 26.1 The Life and Death of the Book Review - Liberties Introducing Database Traffic Control — PlanetScale Bitcoin miners are losing $19,000 on every BTC produced as difficulty drops 7.8% God sleeps in the minerals Building slogbox Apple Silicon and Virtual Machines: Beating the 2 VM Limit Who was “Not Even Wrong” first? Pokemon Evolution Vs Darwinian Evolution The APL Programming Language Source Code
About the security content of macOS Tahoe 26.5 - Apple Support
dragonsensei · 2026-05-26 · via Hacker News

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

Released May 11, 2026

Available for: macOS Tahoe

Impact: An app may be able to cause a denial-of-service

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2026-28991: Seiji Sakurai (@HeapSmasher)

Available for: macOS Tahoe

Impact: An app may be able to bypass certain Privacy preferences

Description: A permissions issue was addressed with additional restrictions.

CVE-2026-28988: Asaf Cohen

Available for: macOS Tahoe

Impact: An app may be able to cause unexpected system termination

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2026-28959: Dave G.

Available for: macOS Tahoe

Impact: A malicious app may be able to break out of its sandbox

Description: A logic issue was addressed with improved restrictions.

CVE-2026-28995: Vamshi Paili, Tony Gorez (@tonygo_) for Reverse Society

Available for: macOS Tahoe

Impact: Processing a maliciously crafted image may lead to a denial-of-service

Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.

CVE-2026-1837

Available for: macOS Tahoe

Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory

Description: A memory corruption issue was addressed with improved input validation.

CVE-2026-28956: impost0r (ret2plt)

Available for: macOS Tahoe

Impact: Processing an audio stream in a maliciously crafted media file may terminate the process

Description: The issue was addressed with improved memory handling.

CVE-2026-39869: David Ige of Beryllium Security

Available for: macOS Tahoe

Impact: An app may be able to access private information

Description: This issue was addressed through improved state management.

CVE-2026-28922: Arni Hardarson

Available for: macOS Tahoe

Impact: Processing a maliciously crafted file may lead to unexpected app termination

Description: The issue was addressed with improved checks.

CVE-2026-28936: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs

Available for: macOS Tahoe

Impact: Parsing a maliciously crafted file may lead to an unexpected app termination

Description: An out-of-bounds access issue was addressed with improved bounds checking.

CVE-2026-28918: Niels Hofmans, Anonymous working with TrendAI Zero Day Initiative

Available for: macOS Tahoe

Impact: An app may be able to gain root privileges

Description: A parsing issue in the handling of directory paths was addressed with improved path validation.

CVE-2026-28915: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs

Available for: macOS Tahoe

Impact: An app may be able to access sensitive user data

Description: A race condition was addressed with additional validation.

CVE-2026-43659: Alex Radocea

Available for: macOS Tahoe

Impact: A malicious app may be able to break out of its sandbox

Description: A logging issue was addressed with improved data redaction.

CVE-2026-28923: Kun Peeks (@SwayZGl1tZyyy)

Available for: macOS Tahoe

Impact: An app may be able to cause unexpected system termination or write kernel memory

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2026-28925: Aswin Kumar Gokula Kannan, Dave G.

Available for: macOS Tahoe

Impact: Processing a maliciously crafted image may corrupt process memory

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2026-43661: an anonymous researcher

Available for: macOS Tahoe

Impact: Processing a maliciously crafted file may lead to unexpected app termination

Description: The issue was addressed with improved bounds checks.

CVE-2026-28977: Suresh Sundaram

Available for: macOS Tahoe

Impact: Processing a maliciously crafted image may corrupt process memory

Description: The issue was addressed with improved memory handling.

CVE-2026-28990: Jiri Ha, Arni Hardarson

Available for: macOS Tahoe

Impact: A malicious app may be able to break out of its sandbox

Description: A permissions issue was addressed with additional restrictions.

CVE-2026-28978: wdszzml and Atuin Automated Vulnerability Discovery Engine

Available for: macOS Tahoe

Impact: An attacker may be able to cause unexpected app termination

Description: A memory corruption vulnerability was addressed with improved locking.

CVE-2026-28992: Johnny Franks (@zeroxjf)

Available for: macOS Tahoe

Impact: An app may be able to determine kernel memory layout

Description: A logging issue was addressed with improved data redaction.

CVE-2026-28943: Google Threat Analysis Group

Available for: macOS Tahoe

Impact: An app may be able to cause unexpected system termination

Description: A use after free issue was addressed with improved memory management.

CVE-2026-28969: Mihalis Haatainen, Ari Hawking, Ashish Kunwar

Available for: macOS Tahoe

Impact: An app may be able to cause unexpected system termination or read kernel memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2026-43655: Somair Ansar and an anonymous researcher

Available for: macOS Tahoe

Impact: An app may be able to disclose kernel memory

Description: The issue was addressed with improved memory handling.

CVE-2026-43654: Vaagn Vardanian, Nathaniel Oh (@calysteon)

Available for: macOS Tahoe

Impact: An app may be able to modify protected parts of the file system

Description: A denial of service issue was addressed by removing the vulnerable code.

CVE-2026-28908: beist

Available for: macOS Tahoe

Impact: A maliciously crafted disk image may bypass Gatekeeper checks

Description: A file quarantine bypass was addressed with additional checks.

CVE-2026-28954: Yiğit Can YILMAZ (@yilmazcanyigit)

Available for: macOS Tahoe

Impact: A local user may be able to cause unexpected system termination or read kernel memory

Description: A buffer overflow was addressed with improved input validation.

CVE-2026-28897: popku1337, Billy Jheng Bing Jhong and Pan Zhenpeng (@Peterpan0927) of STAR Labs SG Pte. Ltd., Robert Tran, Aswin kumar Gokulakannan

Available for: macOS Tahoe

Impact: An app may be able to cause unexpected system termination

Description: An integer overflow was addressed with improved input validation.

CVE-2026-28952: Calif.io in collaboration with Claude and Anthropic Research

Available for: macOS Tahoe

Impact: An app may be able to gain root privileges

Description: An authorization issue was addressed with improved state management.

CVE-2026-28951: Csaba Fitzl (@theevilbit) of Iru

Available for: macOS Tahoe

Impact: An app may be able to cause unexpected system termination or write kernel memory

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2026-28972: Billy Jheng Bing Jhong and Pan Zhenpeng (@Peterpan0927) of STAR Labs SG Pte. Ltd., Ryan Hileman via Xint Code (xint.io)

Available for: macOS Tahoe

Impact: An app may be able to cause unexpected system termination

Description: A race condition was addressed with additional validation.

CVE-2026-28986: Chris Betz, Tristan Madani (@TristanInSec) from Talence Security, Ryan Hileman via Xint Code (xint.io)

Available for: macOS Tahoe

Impact: An app may be able to leak sensitive kernel state

Description: A logging issue was addressed with improved data redaction.

CVE-2026-28987: Dhiyanesh Selvaraj (@redroot97)

Available for: macOS Tahoe

Impact: A remote attacker may be able to cause a denial of service

Description: A type confusion issue was addressed with improved checks.

CVE-2026-28983: Ruslan Dautov

Available for: macOS Tahoe

Impact: Replying to an email could display remote images in Mail in Lockdown Mode

Description: A logic issue was addressed with improved checks.

CVE-2026-28929: Yiğit Can YILMAZ (@yilmazcanyigit)

Available for: macOS Tahoe

Impact: An attacker on the local network may be able to cause a denial-of-service

Description: The issue was addressed with improved memory handling.

CVE-2026-43653: Atul R V

Available for: macOS Tahoe

Impact: An attacker on the local network may be able to cause a denial-of-service

Description: A null pointer dereference was addressed with improved input validation.

CVE-2026-28985: Omar Cerrito

Available for: macOS Tahoe

Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory

Description: A use after free issue was addressed with improved memory management.

CVE-2026-43668: Anton Pakhunov, Ricardo Prado

Available for: macOS Tahoe

Impact: An attacker on the local network may be able to cause a denial-of-service

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2026-43666: Ian van der Wurff (ian.nl)

Available for: macOS Tahoe

Impact: Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents

Description: The issue was addressed with improved checks.

CVE-2026-28941: Michael DePlante (@izobashi) of TrendAI Zero Day Initiative

Available for: macOS Tahoe

Impact: Processing a maliciously crafted image may corrupt process memory

Description: The issue was addressed with improved memory handling.

CVE-2026-28940: Michael DePlante (@izobashi) of TrendAI Zero Day Initiative

Available for: macOS Tahoe

Impact: An attacker with physical access to a locked device may be able to view sensitive user information

Description: This issue was addressed with improved checks.

CVE-2026-28961: Dan Raviv

Available for: macOS Tahoe

Impact: An attacker may be able to track users through their IP address

Description: This issue was addressed through improved state management.

CVE-2026-28906: Ilya Sc. Jowell A.

Available for: macOS Tahoe

Impact: Parsing a maliciously crafted file may lead to an unexpected app termination

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2026-43656: Peter Malone

Available for: macOS Tahoe

Impact: An app may be able to access protected user data

Description: A permissions issue was addressed with additional restrictions.

CVE-2026-43652: Asaf Cohen

Available for: macOS Tahoe

Impact: Processing a maliciously crafted image may corrupt process memory

Description: The issue was addressed with improved memory handling.

CVE-2026-39870: Peter Malone

Available for: macOS Tahoe

Impact: A remote attacker may be able to cause unexpected app termination

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2026-28846: Peter Malone

Available for: macOS Tahoe

Impact: An app may be able to access user-sensitive data

Description: This issue was addressed by adding an additional prompt for user consent.

CVE-2026-28993: Doron Assness

Available for: macOS Tahoe

Impact: A remote attacker may be able to cause unexpected system termination

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2026-28848: Peter Malone, Dave G. and Alex Radocea of Supernetworks

Available for: macOS Tahoe

Impact: An app may be able to access protected user data

Description: A permissions issue was addressed with additional restrictions.

CVE-2026-28930: Pan ZhenPeng (@Peterpan0927) of STAR Labs SG Pte. Ltd.

Available for: macOS Tahoe

Impact: An app may be able to cause a denial-of-service

Description: This issue was addressed with improved checks to prevent unauthorized actions.

CVE-2026-28974: Andy Koo (@andykoo) of Hexens

Available for: macOS Tahoe

Impact: An app may be able to access sensitive user data

Description: A race condition was addressed with additional validation.

CVE-2026-28996: Alex Radocea

Available for: macOS Tahoe

Impact: An app may be able to gain root privileges

Description: A consistency issue was addressed with improved state handling.

CVE-2026-28919: Amy (amys.website)

Available for: macOS Tahoe

Impact: An app may be able to access Contacts without user consent

Description: A race condition was addressed with improved handling of symbolic links.

CVE-2026-28924: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs, YingQi Shi (@Mas0nShi) of DBAppSecurity's WeBin lab

Available for: macOS Tahoe

Impact: An app may be able to observe unprotected user data

Description: A path handling issue was addressed with improved logic.

CVE-2026-39871: an anonymous researcher

Available for: macOS Tahoe

Impact: An app may be able to gain root privileges

Description: An information leakage was addressed with additional validation.

CVE-2026-28976: David Ige - Beryllium Security

Available for: macOS Tahoe

Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

Description: A validation issue was addressed with improved logic.

WebKit Bugzilla: 308906

CVE-2026-43660: Cantina

Available for: macOS Tahoe

Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

Description: The issue was addressed with improved input validation.

WebKit Bugzilla: 308675

CVE-2026-28907: Cantina

Available for: macOS Tahoe

Impact: Processing maliciously crafted web content may disclose sensitive user information

Description: This issue was addressed with improved access restrictions.

WebKit Bugzilla: 309698

CVE-2026-28962: Luke Francis, Vaagn Vardanian, kwak kiyong / kakaogames, Vitaly Simonovich, Adel Bouachraoui, greenbynox

Available for: macOS Tahoe

Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 307669

CVE-2026-43658: Do Young Park

Available for: macOS Tahoe

Impact: Processing maliciously crafted web content may lead to an unexpected process crash

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 308545

CVE-2026-28905: Yuhao Hu, Yuanming Lai, Chenggang Wu, and Zhe Wang

WebKit Bugzilla: 308707

CVE-2026-28847: DARKNAVY (@DarkNavyOrg), Anonymous working with TrendAI Zero Day Initiative, Daniel Rhea

WebKit Bugzilla: 309601

CVE-2026-28904: Luka Rački

WebKit Bugzilla: 310880

CVE-2026-28955: wac and Kookhwan Lee working with TrendAI Zero Day Initiative

WebKit Bugzilla: 310303

CVE-2026-28903: Mateusz Krzywicki (iVerify.io)

WebKit Bugzilla: 309628

CVE-2026-28953: Maher Azzouzi

WebKit Bugzilla: 309861

CVE-2026-28902: Tristan Madani (@TristanInSec) from Talence Security, Nathaniel Oh (@calysteon)

WebKit Bugzilla: 310207

CVE-2026-28901: Aisle offensive security research team (Joshua Rogers, Luigino Camastra, Igor Morgenstern, and Guido Vranken), Maher Azzouzi, Ngan Nguyen of Calif.io

WebKit Bugzilla: 311631

CVE-2026-28913: an anonymous researcher

Available for: macOS Tahoe

Impact: Processing maliciously crafted web content may lead to an unexpected process crash

Description: A use-after-free issue was addressed with improved memory management.

WebKit Bugzilla: 313939

CVE-2026-28883: kwak kiyong / kakaogames

Available for: macOS Tahoe

Impact: An app may be able to access sensitive user data

Description: This issue was addressed with improved data protection.

WebKit Bugzilla: 311228

CVE-2026-28958: Cantina

Available for: macOS Tahoe

Impact: Processing maliciously crafted web content may lead to an unexpected process crash

Description: The issue was addressed with improved input validation.

WebKit Bugzilla: 310527

CVE-2026-28917: Vitaly Simonovich

Available for: macOS Tahoe

Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash

Description: A use-after-free issue was addressed with improved memory management.

WebKit Bugzilla: 310234

CVE-2026-28947: dr3dd

WebKit Bugzilla: 310544

CVE-2026-28946: Gia Bui (@yabeow) from Calif.io, dr3dd, w0wbox

WebKit Bugzilla: 312180

CVE-2026-28942: Milad Nasr and Nicholas Carlini with Claude, Anthropic

Available for: macOS Tahoe

Impact: A malicious iframe may use another website’s download settings

Description: The issue was addressed with improved UI handling.

WebKit Bugzilla: 311288

CVE-2026-28971: Khiem Tran

Available for: macOS Tahoe

Impact: Processing maliciously crafted web content may lead to an unexpected process crash

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 311131

CVE-2026-28944: Kenneth Hsu of Palo Alto Networks, Jérôme DJOUDER, dr3dd

Available for: macOS Tahoe

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2026-28819: Wang Yu

Available for: macOS Tahoe

Impact: An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Wi-Fi packets

Description: A use after free issue was addressed with improved memory management.

CVE-2026-28994: Alex Radocea

Available for: macOS Tahoe

Impact: A maliciously crafted ZIP archive may bypass Gatekeeper checks

Description: A logic issue was addressed with improved file handling.

CVE-2026-28914: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs (nosebeard.co)

Available for: macOS Tahoe

Impact: Visiting a maliciously crafted website may leak sensitive data

Description: An information leakage was addressed with additional validation.

CVE-2026-28920: Brendon Tiszka of Google Project Zero

We would like to acknowledge Mikael Kinnman for their assistance.

We would like to acknowledge Asaf Cohen, Johan Wahyudi for their assistance.

We would like to acknowledge Iván Savransky, Kun Peeks (@SwayZGl1tZyyy), YingQi Shi (@Mas0nShi) of DBAppSecurity's WeBin lab for their assistance.

We would like to acknowledge Brian Carpenter for their assistance.

We would like to acknowledge Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs for their assistance.

We would like to acknowledge Jordan Pittman for their assistance.

We would like to acknowledge Mustafa Calap ​ for their assistance.

We would like to acknowledge an anonymous researcher for their assistance.

We would like to acknowledge Ryan Hileman via Xint Code (xint.io), an anonymous researcher for their assistance.

We would like to acknowledge Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs for their assistance.

We would like to acknowledge Chris Staite and David Hardy of Menlo Security Inc for their assistance.

We would like to acknowledge Ilias Morad (@A2nkF_) for their assistance.

We would like to acknowledge Kun Peeks (@SwayZGl1tZyyy) for their assistance.

We would like to acknowledge Jason Grove for their assistance.

We would like to acknowledge Jeffery Kimbrow for their assistance.

We would like to acknowledge Asilbek Salimov for their assistance.

We would like to acknowledge Anand Patil for their assistance.

We would like to acknowledge Christopher Mathews for their assistance.

We would like to acknowledge Cem Onat Karagun, Surya Kushwaha for their assistance.

We would like to acknowledge sean mutuku for their assistance.

We would like to acknowledge Robert Mindo for their assistance.

We would like to acknowledge Yoav Magid for their assistance.

We would like to acknowledge Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs for their assistance.

We would like to acknowledge Muhammad Zaid Ghifari (Mr.ZheeV), Kalimantan Utara, Qadhafy Muhammad Tera, Vitaly Simonovich for their assistance.

We would like to acknowledge Hyeonji Son (@jir4vv1t) of Demon Team for their assistance.

We would like to acknowledge Kun Peeks (@SwayZGl1tZyyy) for their assistance.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: