CVE-2026-28954: A maliciously crafted disk image may bypass Gatekeeper checks in Apple iOS and iPadOS
CVE-2026-28954 is a vulnerability in Apple iOS and iPadOS where a maliciously crafted disk image may bypass Gatekeeper checks. This issue relates to a file quarantine bypass that Apple addressed by adding additional checks. The vulnerability is fixed in iOS 18. 7. 9, iPadOS 18. 7. 9, and several macOS versions including Sequoia 15. 7. 7, Sonoma 14. 8.
AI Analysis
Technical Summary
This vulnerability involves a file quarantine bypass in Apple iOS and iPadOS caused by a maliciously crafted disk image that can circumvent Gatekeeper security checks. Gatekeeper is a security feature designed to prevent untrusted software from running without user consent. Apple has addressed this issue by implementing additional checks in the affected operating systems. The fix is included in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS releases. No CVSS score is available for this vulnerability.
Potential Impact
If exploited, this vulnerability could allow an attacker to bypass Gatekeeper protections, potentially enabling the execution of untrusted or malicious software without proper user warnings or restrictions. However, there are no reports of active exploitation in the wild. The impact is mitigated by the availability of fixes in the latest OS versions.
Mitigation Recommendations
Apply the official updates from Apple: iOS 18.7.9, iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, or macOS Tahoe 26.5. These updates include the necessary security fixes to prevent the bypass of Gatekeeper checks. Users and administrators should ensure devices are updated to these versions or later to remediate this vulnerability. Patch status is confirmed by the vendor advisory.
CVE-2026-28954: A maliciously crafted disk image may bypass Gatekeeper checks in Apple iOS and iPadOS
Description
CVE-2026-28954 is a vulnerability in Apple iOS and iPadOS where a maliciously crafted disk image may bypass Gatekeeper checks. This issue relates to a file quarantine bypass that Apple addressed by adding additional checks. The vulnerability is fixed in iOS 18. 7. 9, iPadOS 18. 7. 9, and several macOS versions including Sequoia 15. 7. 7, Sonoma 14. 8.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability involves a file quarantine bypass in Apple iOS and iPadOS caused by a maliciously crafted disk image that can circumvent Gatekeeper security checks. Gatekeeper is a security feature designed to prevent untrusted software from running without user consent. Apple has addressed this issue by implementing additional checks in the affected operating systems. The fix is included in iOS 18.7.9, iPadOS 18.7.9, and multiple macOS releases. No CVSS score is available for this vulnerability.
Potential Impact
If exploited, this vulnerability could allow an attacker to bypass Gatekeeper protections, potentially enabling the execution of untrusted or malicious software without proper user warnings or restrictions. However, there are no reports of active exploitation in the wild. The impact is mitigated by the availability of fixes in the latest OS versions.
Mitigation Recommendations
Apply the official updates from Apple: iOS 18.7.9, iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, or macOS Tahoe 26.5. These updates include the necessary security fixes to prevent the bypass of Gatekeeper checks. Users and administrators should ensure devices are updated to these versions or later to remediate this vulnerability. Patch status is confirmed by the vendor advisory.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- apple
- Date Reserved
- 2026-03-03T16:36:03.990Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a028759cbff5d86108b646a
Added to database: 5/12/2026, 1:50:17 AM
Last enriched: 5/12/2026, 2:01:16 AM
Last updated: 5/12/2026, 3:48:12 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.