VDB

CVE-2026-28924

CVE-2026-28924 PUBLISHED

A race condition was addressed with improved handling of symbolic links. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access Contacts without user consent.

EPSS 0.04% · 11.3th percentile

Risk Scores

EPSS Score
0.04%
11.3th percentile

Affected Products

VendorProductVersions
ApplemacOS0, 0, 0

Timeline

  • May 11, 2026 CVE Published
  • May 12, 2026 Security Advisory
  • May 18, 2026 EPSS Score
  • May 19, 2026 EPSS Score
  • May 20, 2026 EPSS Score
  • May 21, 2026 EPSS Score
  • May 22, 2026 EPSS Score
  • May 23, 2026 EPSS Score
  • May 24, 2026 EPSS Score
  • May 25, 2026 EPSS Score
  • May 26, 2026 EPSS Score
  • May 27, 2026 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›