CVE-2026-28868 is a vulnerability identified in Apple’s iOS, iPadOS, macOS, visionOS, and watchOS platforms, stemming from a logging issue where sensitive kernel memory data was insufficiently redacted. This flaw allows a local application, potentially without elevated privileges, to disclose kernel memory contents by exploiting the logging mechanism. The vulnerability is categorized under CWE-532, which relates to exposure of sensitive information through logs. The issue requires user interaction but no prior privileges, making it accessible to less privileged attackers who can trick users into running a malicious app or code. Apple has released patches in versions iOS 18.7.7, iPadOS 18.7.7, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4, and watchOS 26.4 to address this by improving data redaction in logs, preventing leakage of kernel memory. The CVSS v3.1 score is 5.5 (medium), reflecting the vulnerability’s moderate impact on confidentiality without affecting integrity or availability. No public exploits have been reported, but the potential for sensitive kernel memory disclosure could aid attackers in further exploitation or privilege escalation. The vulnerability affects a broad range of Apple devices, including mobile, desktop, wearable, and emerging visionOS platforms, indicating a wide attack surface.

The primary impact of CVE-2026-28868 is the unauthorized disclosure of kernel memory contents, which compromises the confidentiality of sensitive system information. While this does not directly affect system integrity or availability, leaked kernel memory could contain data useful for attackers to develop further exploits, such as privilege escalation or bypassing security controls. For organizations, this could lead to increased risk of targeted attacks on Apple devices, especially in environments where sensitive data or intellectual property is handled. The requirement for user interaction limits remote exploitation but does not eliminate risk, as social engineering or malicious app distribution could trigger the vulnerability. The broad range of affected Apple platforms means enterprises relying on Apple ecosystems for mobile, desktop, or wearable computing face a potential attack vector. Although no known exploits exist in the wild, the vulnerability’s presence in widely used operating systems necessitates prompt patching to prevent future exploitation. Failure to address this could expose organizations to data leakage and subsequent advanced persistent threats.

Organizations should immediately prioritize updating all affected Apple devices to the patched versions: iOS 18.7.7, iPadOS 18.7.7, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, visionOS 26.4, and watchOS 26.4. Beyond patching, restrict installation of untrusted or unsigned applications to reduce the risk of malicious apps exploiting this vulnerability. Employ mobile device management (MDM) solutions to enforce update policies and control app deployment. Monitor device logs and behavior for unusual activity that could indicate attempts to exploit kernel memory disclosure. Educate users about the risks of installing apps from unverified sources and the importance of applying system updates promptly. For high-security environments, consider additional endpoint protection mechanisms that can detect anomalous access to kernel memory or logging subsystems. Regularly audit and review logging configurations to ensure sensitive data is not inadvertently exposed. Finally, maintain an incident response plan tailored to Apple ecosystems to quickly address any exploitation attempts.