CVE-2026-28920: Visiting a maliciously crafted website may leak sensitive data in Apple iOS and iPadOS
CVE-2026-28920 is an information leakage vulnerability in Apple iOS and iPadOS. Visiting a maliciously crafted website may cause sensitive data to be leaked. Apple addressed this issue by adding additional validation and released fixes in iOS 18. 7. 9, iPadOS 18. 7. 9, and corresponding updates for other Apple operating systems. No known exploits are reported in the wild at this time.
AI Analysis
Technical Summary
This vulnerability involves an information leakage flaw in Apple iOS and iPadOS that can be triggered by visiting a maliciously crafted website. The issue was mitigated by Apple through additional validation checks. The fix is included in iOS 18.7.9, iPadOS 18.7.9, and related updates for macOS, tvOS, visionOS, and watchOS. No CVSS score is provided, and no active exploitation has been observed.
Potential Impact
The impact is limited to potential leakage of sensitive data when a user visits a malicious website on affected Apple devices. There are no reports of active exploitation in the wild. The vulnerability could expose user data to attackers under these conditions.
Mitigation Recommendations
A fix is available and has been released by Apple in iOS 18.7.9, iPadOS 18.7.9, and other platform updates. Users and administrators should apply these official updates to remediate the vulnerability. Patch status is confirmed by the vendor advisory.
CVE-2026-28920: Visiting a maliciously crafted website may leak sensitive data in Apple iOS and iPadOS
Description
CVE-2026-28920 is an information leakage vulnerability in Apple iOS and iPadOS. Visiting a maliciously crafted website may cause sensitive data to be leaked. Apple addressed this issue by adding additional validation and released fixes in iOS 18. 7. 9, iPadOS 18. 7. 9, and corresponding updates for other Apple operating systems. No known exploits are reported in the wild at this time.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves an information leakage flaw in Apple iOS and iPadOS that can be triggered by visiting a maliciously crafted website. The issue was mitigated by Apple through additional validation checks. The fix is included in iOS 18.7.9, iPadOS 18.7.9, and related updates for macOS, tvOS, visionOS, and watchOS. No CVSS score is provided, and no active exploitation has been observed.
Potential Impact
The impact is limited to potential leakage of sensitive data when a user visits a malicious website on affected Apple devices. There are no reports of active exploitation in the wild. The vulnerability could expose user data to attackers under these conditions.
Mitigation Recommendations
A fix is available and has been released by Apple in iOS 18.7.9, iPadOS 18.7.9, and other platform updates. Users and administrators should apply these official updates to remediate the vulnerability. Patch status is confirmed by the vendor advisory.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- apple
- Date Reserved
- 2026-03-03T16:36:03.986Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a028752cbff5d86108b585b
Added to database: 5/12/2026, 1:50:10 AM
Last enriched: 5/12/2026, 1:58:58 AM
Last updated: 5/12/2026, 3:51:09 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.