Apple
macOS
Apple operating system for Mac computers.
26.5.1
- Release date
- June 01, 2026
- Security status
- 25 high-severity CVEs tracked in the last 90 days. Current version not affected.
Source
Public release notes are linked for the latest stored release.
Release history
See the latest published releases stored for this product.
| Version | Published | Notes |
|---|---|---|
| 26.5.1 | 2026-06-01 | Release Notes |
| 26.5 | 2026-05-11 | Release Notes |
| 26.4.1 | 2026-04-09 | Release Notes |
| 26.4 | 2026-03-24 | Release Notes |
| 26.3.2 | 2026-03-10 | Release Notes |
| 26.3.1 | 2026-03-04 | Release Notes |
Vulnerability tracking
versionPing monitors CVEs for this product. Matching CVEs are listed below. We only display CVEs with a CVSS score of 7.0 or higher that were published within the last 90 days.
Affected status is inferred from published affected version ranges where available. Always verify against the vendor advisory before making production decisions.
| CVE | Severity | Published | Status | Summary |
|---|---|---|---|---|
| CVE-2025-46284 | HIGH (7.0) | 2026-05-26 | Current versionnot affected | A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to gain root privileges. Affected versions
|
| CVE-2025-43306 | HIGH (7.8) | 2026-05-26 | Current versionnot affected | A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to gain root privileges. Affected versions
|
| CVE-2025-43524 | HIGH (8.8) | 2026-05-12 | Current versionnot affected | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.2. An app may be able to break out of its sandbox. Affected versions
Show 1 more
|
| CVE-2026-43668 | HIGH (7.5) | 2026-05-11 | Current versionnot affected | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. Affected versions
Show 1 more
|
| CVE-2026-43661 | HIGH (7.5) | 2026-05-11 | Current versionnot affected | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. Processing a maliciously crafted image may corrupt process memory. Affected versions
|
| CVE-2026-43660 | HIGH (7.5) | 2026-05-11 | Current versionnot affected | A validation issue was addressed with improved logic. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. Affected versions
|
| CVE-2026-43658 | HIGH (7.5) | 2026-05-11 | Current versionnot affected | The issue was addressed with improved memory handling. This issue is fixed in Safari 26.5, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected Safari crash. Affected versions
|
| CVE-2026-43656 | HIGH (7.3) | 2026-05-11 | Current versionnot affected | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. Parsing a maliciously crafted file may lead to an unexpected app termination. Affected versions
Show 1 more
|
| CVE-2026-43655 | HIGH (7.3) | 2026-05-11 | Current versionnot affected | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination or read kernel memory. Affected versions
|
| CVE-2026-43654 | HIGH (7.5) | 2026-05-11 | Current versionnot affected | The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to disclose kernel memory. Affected versions
Show 1 more
|
| CVE-2026-43652 | HIGH (7.5) | 2026-05-11 | Current versionnot affected | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data. Affected versions
|
| CVE-2026-39871 | HIGH (7.5) | 2026-05-11 | Current versionnot affected | A path handling issue was addressed with improved logic. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to observe unprotected user data. Affected versions
Show 1 more
|
| CVE-2026-39870 | HIGH (7.5) | 2026-05-11 | Current versionnot affected | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. Processing a maliciously crafted image may corrupt process memory. Affected versions
Show 1 more
|
| CVE-2026-28995 | HIGH (8.8) | 2026-05-11 | Current versionnot affected | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A malicious app may be able to break out of its sandbox. Affected versions
|
| CVE-2026-28991 | HIGH (7.5) | 2026-05-11 | Current versionnot affected | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause a denial-of-service. Affected versions
|
| CVE-2026-28990 | HIGH (7.5) | 2026-05-11 | Current versionnot affected | The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted image may corrupt process memory. Affected versions
Show 1 more
|
| CVE-2026-28987 | HIGH (7.5) | 2026-05-11 | Current versionnot affected | A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to leak sensitive kernel state. Affected versions
Show 1 more
|
| CVE-2026-28986 | HIGH (7.5) | 2026-05-11 | Current versionnot affected | A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination. Affected versions
Show 1 more
|
| CVE-2026-28983 | HIGH (7.5) | 2026-05-11 | Current versionnot affected | A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. A remote attacker may be able to cause a denial of service. Affected versions
|
| CVE-2026-28978 | HIGH (8.8) | 2026-05-11 | Current versionnot affected | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. A malicious app may be able to break out of its sandbox. Affected versions
Show 1 more
|
| CVE-2026-28976 | HIGH (7.5) | 2026-05-11 | Current versionnot affected | An information leakage was addressed with additional validation. This issue is fixed in macOS Tahoe 26.5. An app may be able to gain root privileges. Affected versions
|
| CVE-2026-28974 | HIGH (7.5) | 2026-05-11 | Current versionnot affected | This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause a denial-of-service. Affected versions
|
| CVE-2026-28969 | HIGH (7.5) | 2026-05-11 | Current versionnot affected | A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination. Affected versions
Show 1 more
|
| CVE-2026-28962 | HIGH (7.5) | 2026-05-11 | Current versionnot affected | This issue was addressed with improved access restrictions. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5. Processing maliciously crafted web content may disclose sensitive user information. Affected versions
|
| CVE-2026-28959 | HIGH (7.5) | 2026-05-11 | Current versionnot affected | A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. An app may be able to cause unexpected system termination. Affected versions
Show 1 more
|