CVE-2026-28868 is a security vulnerability identified in Apple’s iOS, iPadOS, macOS, visionOS, and watchOS platforms. The root cause is a logging issue where sensitive kernel memory data was not properly redacted before being logged, allowing an application to potentially access and disclose kernel memory contents. Kernel memory contains critical information about the operating system’s core functions and security mechanisms. Disclosure of this memory can enable attackers to understand kernel internals, identify security controls, and develop exploits to bypass protections or escalate privileges. The vulnerability was addressed by Apple through improved data redaction in logging mechanisms, with patches released in versions iOS 18.7.7, iPadOS 18.7.7, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4, and watchOS 26.4. No public exploits or active exploitation in the wild have been reported to date. Exploitation requires an app to be installed on the device, but does not require user interaction beyond that. The vulnerability affects a wide range of Apple operating systems, indicating a systemic issue in logging practices across platforms. The absence of a CVSS score necessitates an independent severity assessment based on the potential impact and exploitation complexity.

The potential impact of CVE-2026-28868 is significant for organizations and individuals using Apple devices. Disclosure of kernel memory can compromise the confidentiality and integrity of the operating system by exposing internal kernel data structures and security mechanisms. This information can be leveraged by attackers to craft more effective privilege escalation or sandbox escape exploits, potentially leading to full device compromise. For enterprises, this could result in unauthorized access to sensitive corporate data, disruption of device operations, and erosion of trust in device security. The vulnerability affects a broad range of Apple platforms, including mobile devices, desktops, wearables, and emerging visionOS devices, expanding the attack surface. Although no active exploitation is known, the ease of exploitation by any installed app raises the risk of targeted attacks or malware leveraging this flaw. Organizations with high-value targets or sensitive intellectual property on Apple devices are particularly at risk. The vulnerability also poses risks to user privacy and device integrity, impacting sectors such as finance, healthcare, government, and technology.

To mitigate CVE-2026-28868, organizations and users should immediately apply the security updates released by Apple for all affected platforms, including iOS 18.7.7, iPadOS 18.7.7, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4, and watchOS 26.4. Beyond patching, organizations should enforce strict app vetting and installation policies to minimize the risk of malicious or untrusted applications being installed on devices. Employ Mobile Device Management (MDM) solutions to control app permissions and monitor device logs for suspicious activity related to kernel memory access. Limit the use of third-party apps to those from trusted sources and regularly audit installed applications. Implement network segmentation and endpoint detection and response (EDR) tools to detect anomalous behavior that could indicate exploitation attempts. Educate users about the risks of installing unverified apps and encourage prompt installation of OS updates. For high-security environments, consider additional hardening measures such as disabling unnecessary logging or restricting debug capabilities that could expose kernel memory.