CVE-2026-28867 is a vulnerability in Apple’s iOS and iPadOS operating systems that allows an application to leak sensitive kernel state information. The kernel is the core component of the operating system responsible for managing system resources and enforcing security boundaries. Leakage of kernel state can provide attackers with critical insights into the system’s internal operations, potentially facilitating privilege escalation or bypassing security mechanisms. This vulnerability stems from inadequate authentication checks that fail to properly restrict access to kernel data. The issue affects multiple Apple platforms, including iOS, iPadOS, macOS Sequoia and Tahoe, tvOS, visionOS, and watchOS, and was resolved by Apple through improved authentication measures in versions iOS 18.7.7, iPadOS 18.7.7, macOS Sequoia 15.7.5, macOS Tahoe 26.4, and others. The CVSS v3.1 score is 6.2 (medium severity), reflecting that the vulnerability can be exploited locally without privileges or user interaction but can result in high confidentiality impact. No public exploits have been reported, indicating limited current exploitation but a potential risk if weaponized. The vulnerability highlights the importance of strict access controls around kernel data to prevent information leakage that could be leveraged in complex attack chains.

The primary impact of CVE-2026-28867 is the unauthorized disclosure of sensitive kernel state information, which compromises confidentiality. While this does not directly affect system integrity or availability, leaked kernel data can enable attackers to develop more sophisticated exploits, such as privilege escalation or sandbox escapes, increasing the overall risk posture. Organizations relying on Apple devices, especially those handling sensitive or regulated data, face increased risk of targeted attacks if this vulnerability is exploited. The local attack vector means that malicious apps or code running on the device could leverage this flaw without requiring user interaction or elevated privileges, making it a stealthy threat. This could be particularly impactful in environments with BYOD policies or where unvetted apps might be installed. The absence of known exploits reduces immediate risk but does not eliminate the potential for future attacks. Failure to patch could lead to data leakage that undermines trust in Apple device security and complicates compliance with data protection regulations.

To mitigate CVE-2026-28867, organizations and users should promptly update all affected Apple devices to the patched versions: iOS 18.7.7, iPadOS 18.7.7, macOS Sequoia 15.7.5, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, and watchOS 26.4. Beyond patching, organizations should enforce strict app vetting policies to prevent installation of untrusted or malicious applications that could exploit local vulnerabilities. Employing Mobile Device Management (MDM) solutions can help control app installations and enforce security configurations. Monitoring device behavior for unusual kernel access patterns or anomalous app activity may provide early detection of exploitation attempts. Additionally, educating users about the risks of installing apps from untrusted sources reduces exposure. For high-security environments, consider restricting device usage to only necessary applications and disabling developer or debugging features that could facilitate exploitation. Regularly review and update security policies to incorporate emerging threats related to kernel information leakage.