CVE-2026-28864 — Incorrect Authorization in Apple IOS AND Ipados

CWE-863 — Incorrect Authorization4 documents4 sources

Severity

3.3LOWNVD

EPSS

0.0%

top 99.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Visionos +3 more

Timeline

PublishedMar 25

Description

This issue was addressed with improved permissions checking. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A local attacker may gain access to user's Keychain items.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages9 packages

▶CVEListV5apple/macos< 14.8.5+2

▶NVDapple/macos14.0 — 14.8.5+2

▶NVDapple/ipados26.0 — 26.4+1

▶CVEListV5apple/ios_and_ipados< 18.7.7+1

▶CVEListV5apple/watchos< 26.4

🔴Vulnerability Details

CVEList

CVE-2026-28864: This issue was addressed with improved permissions checking↗2026-03-25

▶

GHSA

GHSA-68wg-8f6g-2g2q: This issue was addressed with improved permissions checking↗2026-03-25

▶

🕵️Threat Intelligence

Wiz

CVE-2026-28864 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶