CVE-2026-28864: Use After Free
Published Mar 24, 2026
·Updated
802.1X. An authentication issue was addressed with improved state management.
Other sources
Accounts. An authorization issue was addressed with improved state management.
— Apple
Admin Framework. A path handling issue was addressed with improved validation.
— Apple
apache. This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
— Apple
App Protection. The issue was addressed with improved checks.
— Apple
AppleKeyStore. A use after free issue was addressed with improved memory management.
— Apple
Credit
Tuan D. Hoang, Hazem Issa, Yongdae Kim @ KAIST SysSec Lab, Alvin Aries Tapia, an anonymous researcher, Cristian Dinca (icmd.tech), Hossein Lotfi@@hosselot(TrendAI Zero Day Initiative), Etienne Charron (Renault), Victoria Martini (Renault), Zhongcheng Li(IES Red Team), CVE-2025-14524, Andreas Jaegersberger & Ro Achterberg(Nosebeard Labs), XiguaSec, CVE-2025-64505, Gor Aleksanyan(BoB 0xB6), Dhiyanesh Selvaraj@@redroot97(BoB 0xB6), 이동하 (Lee Dong Ha(BoB 0xB6), Jian Lee@@speedyfriend433, DARKNAVY@@DarkNavyOrg, Johnny Franks@@zeroxjf, Ilya Andr (andrd3v)(Voynich Group), Ilias Morad (A2nkF)(Voynich Group), Duy Trần@@khanhduytran0, @@hugeBlack, Himanshu Bharti@@Xpl0itme(Khatima), wdszzml, Atuin Automated Vulnerability Discovery Engine, Guy Dor, Gongyu Ma@@Mezone0, Alex Radocea, Yongdae Kim @ SysSec, KAIST, Caspian Tarafdar, Andrew Becker, webb, Thomas Espach, @@hamayanhamayan, Yeonghyeon Choi, Daniel Rhea, Söhnke Benedikt Fischedick (Tripton), Emrovsky & Switch3301, Yevhen Pervushyn, Minse Kim, Narcis Oliveras Fontàs, Nathaniel Oh@@calysteon, Hongze Wu(Ant Group Infrastructure Security Team), Shuaike Dong(Ant Group Infrastructure Security Team), greenbynox, Arni Hardarson, Héloïse Gollier, Mathy Vanhoef (KU Leuven), Rosyna Keller(Totally Not Malicious Software), Adrián Pérez Martínez, Uluk Abylbekov, Zack Tickman, Justin Cohen(Google), Jex Amro, Johnny Franks (zeroxjf), Kirin@@Pwnrin, iG0x72(XiguaSec), JJ(XiguaSec), Lehan Dilusha Jayasinghe, Mike Cardwell(grepular), Bob Lord, CVE-2025-55753, CVE-2025-58098, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200, Mickey Jin@@patch1t, Amy (amys.website), @@cloudlldb, YingQi Shi@@Mas0nShi(DBAppSecurity's WeBin lab), 风沐云烟@@binary_fmyy, Minghao Lin@@Y1nKoc, hari shanmugam, Sreejith Krishnan R, Chunyu Song(NorthSea), Rodolphe Brunetti@@eisw0lf(Lupus Nova), Matej Moravec@@MacejkoMoravec, Csaba Fitzl@@theevilbit(Iru), Dawuge(Shuffle Team), Hunan University, Kun Peeks@@SwayZGl1tZyyy, Gyujeong Jin at Team.0xb6@@G1uN4sh, Christian Kohlschütter, Dave G., @@pixiepointsec, Ryan Dowd@@_rdowd, Koh M. Nakagawa@@tsunek0h(FFRI Security Inc), Talal Haj Bakry(Mysk Inc), Tommy Mysk@@mysk_co(Mysk Inc), Zhongquan Li@@Guluisacat, Asaf Cohen, Ye Zhang(Baidu Security), Ryan Dowd@@_rdowd(Iru), Joseph Ravichandran@@0xjprx(MIT CSAIL), Yuebin Sun@@yuebinsun2020(SecuRing), an anonymous researcher(SecuRing), Nathaniel Oh@@calysteon(SecuRing), Kirin@@Pwnrin(SecuRing), Wojciech Regula(SecuRing), Joshua Jewett@@JoshJewett33, Gergely Kalman@@gergely_kalman, Andrei Dodu, Morris Richman@@morrisinlife, Luke Roberts@@rookuu, Pedro Tôrres@@t0rr3sp3dr0
Affected Software
18 affected componentsFixes available
Apple iOS<18.7.7
18.7.7
Apple iPadOS<18.7.7
18.7.7
Apple iOS<26.4
26.4
Apple iPadOS<26.4
26.4
Apple macOS Tahoe<26.4
26.4
Apple WatchOS<26.4
26.4
Apple macOS Sequoia<15.7.5
15.7.5
Apple visionOS<26.4
26.4
Apple macOS Sonoma<14.8.5
14.8.5
Apple iPadOS<18.7.7
Apple iPadOS>=26.0<26.4
Apple iPhone OS<18.7.7
Apple iPhone OS>=26.0<26.4
Apple macOS>=14.0<14.8.5
Apple macOS>=15.0<15.7.5
Apple macOS>=26.0<26.4
Apple visionOS<26.4
Apple WatchOS<26.4
Event History
Mar 24, 2026
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
Description
Updated
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionAffected Software
Mar 25, 2026
CVE Published
via MITRE·12:35 AM
Data Sourced
via MITRE·12:35 AM
DescriptionWeakness
Data Sourced
via NVD·01:17 AM
DescriptionSeverityWeaknessAffected Software
May 12, 2026
Updated
via Apple·06:36 PM
DescriptionWeaknessAffected Software
Parent advisories
This vulnerability appears in the following advisories.
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2026-28865
- CVE-2026-28877
- CVE-2026-28895
- CVE-2026-28879
- CVE-2026-28822
- CVE-2026-28874
- CVE-2026-28875
- CVE-2026-28872
- CVE-2026-28894
- CVE-2026-28866
- CVE-2026-20690
- CVE-2026-28886
- CVE-2026-28878
- CVE-2025-14524
- CVE-2026-28876
- CVE-2026-28870
- CVE-2026-28880
- CVE-2026-28833
- CVE-2025-64505
- CVE-2026-28868
- CVE-2026-28867
- CVE-2026-20698
- CVE-2026-20687
- CVE-2026-28882
- CVE-2026-20692
- CVE-2026-20688
- CVE-2026-28873
- CVE-2026-28863
- CVE-2026-28864
- CVE-2026-28860
- CVE-2026-28856
- CVE-2026-28858
- CVE-2026-28967
- CVE-2026-28852
- CVE-2026-20657
- CVE-2026-20665
- CVE-2026-20643
- CVE-2026-28871
- CVE-2026-20664
- CVE-2026-28857
- CVE-2026-28861
- CVE-2026-28859
- CVE-2026-20691
- CVE-2026-20637
- CVE-2026-20668
- CVE-2025-43534
- CVE-2025-43376
- CVE-2025-55753
- CVE-2025-58098
- CVE-2025-59775
- CVE-2025-65082
- CVE-2025-66200
- CVE-2026-28824
- CVE-2026-20699
- CVE-2026-20660
- CVE-2026-20639
- CVE-2026-28821
- CVE-2026-28838
- CVE-2026-28888
- CVE-2026-20633
- CVE-2026-28892
- CVE-2026-28832
- CVE-2026-28834
- CVE-2026-20695
- CVE-2026-28829
- CVE-2026-20607
- CVE-2026-20651
- CVE-2026-20694
- CVE-2026-28891
- CVE-2026-20701
- CVE-2026-28839
- CVE-2026-28827
- CVE-2026-28816
- CVE-2026-28826
- CVE-2026-20693
- CVE-2026-28862
- CVE-2026-28831
- CVE-2026-28817
- CVE-2026-28835
- CVE-2026-28825
- CVE-2026-28818
- CVE-2026-20697
- CVE-2026-28828
- CVE-2026-28823
- CVE-2026-20696
- CVE-2026-20684
- CVE-2026-28910
- CVE-2026-28893
- CVE-2026-28881
- CVE-2026-28842
- CVE-2026-28841
- CVE-2026-28845
- CVE-2026-20632
- CVE-2026-20631
- CVE-2026-28840
- CVE-2026-28830
- CVE-2026-28820
- CVE-2026-28837
- CVE-2026-28844
Frequently Asked Questions
1
What is the severity of CVE-2026-28864?
CVE-2026-28864 has been assessed as a high-severity vulnerability due to its impact on authentication and authorization mechanisms.
2
How do I fix CVE-2026-28864?
To fix CVE-2026-28864, upgrade your device to the latest version available, as recommended by Apple.
3
Which Apple products are affected by CVE-2026-28864?
CVE-2026-28864 affects various Apple products including iOS, iPadOS, macOS, watchOS, and visionOS versions prior to specified updates.
4
What types of issues does CVE-2026-28864 address?
CVE-2026-28864 addresses authentication and authorization issues along with path handling vulnerabilities.
5
Is there a patch for CVE-2026-28864?
Yes, there is a patch available that can be applied by updating your affected Apple devices to the latest software version.