CVE-2026-28924 — Vulnetix

Try Vulnetix Request Demo

CVE-2026-28924 PUBLISHED

A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access Contacts without user consent.

Affected Products

Vendor	Product	Versions
Apple	macOS	0, 0, 0

Timeline

May 11, 2026 CVE Published
May 12, 2026 Security Advisory

References

https://support.apple.com/en-us/127115 url
https://support.apple.com/en-us/127116 url
https://support.apple.com/en-us/127117 url
https://nvd.nist.gov/vuln/detail/CVE-2026-28924 advisory
https://support.apple.com/en-us/127114 advisory
https://support.apple.com/en-us/127118 advisory
https://support.apple.com/en-us/127110 advisory
https://support.apple.com/en-us/127111 advisory
https://support.apple.com/en-us/127113 advisory
https://support.apple.com/en-us/127119 advisory
https://support.apple.com/en-us/127120 advisory
https://support.apple.com/en-us/127112 advisory

Open in Interactive Console →