Full Disclosure mailing list archives
APPLE-SA-05-11-2026-7 macOS Sequoia 15.7.7
From: Apple Product Security via Fulldisclosure <fulldisclosure () seclists org>
Date: Mon, 11 May 2026 15:33:20 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-05-11-2026-7 macOS Sequoia 15.7.7

macOS Sequoia 15.7.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127116.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

APFS
Available for: macOS Sequoia
Impact: An app may be able to cause unexpected system termination
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2026-28959: Dave G.

AppleJPEG
Available for: macOS Sequoia
Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory
Description: A memory corruption issue was addressed with improved input validation.
CVE-2026-28956: impost0r (ret2plt)

Audio
Available for: macOS Sequoia
Impact: Processing an audio stream in a maliciously crafted media file may terminate the process
Description: The issue was addressed with improved memory handling.
CVE-2026-39869: David Ige of Beryllium Security

CoreMedia
Available for: macOS Sequoia
Impact: An app may be able to access private information
Description: This issue was addressed through improved state management.
CVE-2026-28922: Arni Hardarson

Crash Reporter
Available for: macOS Sequoia
Impact: An app may be able to enumerate a user's installed apps
Description: A privacy issue was addressed by removing sensitive data.
CVE-2026-28878: Zhongcheng Li from IES Red Team

CUPS
Available for: macOS Sequoia
Impact: An app may be able to gain root privileges
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2026-28915: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs

FileProvider
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: A race condition was addressed with additional validation.
CVE-2026-43659: Alex Radocea

GPU Drivers
Available for: macOS Sequoia
Impact: A malicious app may be able to break out of its sandbox
Description: A logging issue was addressed with improved data redaction.
CVE-2026-28923: Kun Peeks (@SwayZGl1tZyyy)

HFS
Available for: macOS Sequoia
Impact: An app may be able to cause unexpected system termination or write kernel memory
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2026-28925: Dave G., Aswin Kumar Gokula Kannan

Icons
Available for: macOS Sequoia
Impact: An app may be able to break out of its sandbox
Description: An access issue was addressed with additional sandbox restrictions.
CVE-2025-43524: Csaba Fitzl (@theevilbit) of Iru

ImageIO
Available for: macOS Sequoia
Impact: Processing a maliciously crafted file may lead to unexpected app termination
Description: The issue was addressed with improved bounds checks.
CVE-2026-28977: Suresh Sundaram

ImageIO
Available for: macOS Sequoia
Impact: Processing a maliciously crafted image may corrupt process memory
Description: The issue was addressed with improved memory handling.
CVE-2026-28990: Jiri Ha, Arni Hardarson

Installer
Available for: macOS Sequoia
Impact: A malicious app may be able to break out of its sandbox
Description: A permissions issue was addressed with additional restrictions.
CVE-2026-28978: wdszzml and Atuin Automated Vulnerability Discovery Engine

IOHIDFamily
Available for: macOS Sequoia
Impact: An attacker may be able to cause unexpected app termination
Description: A memory corruption vulnerability was addressed with improved locking.
CVE-2026-28992: Johnny Franks (@zeroxjf)

IOHIDFamily
Available for: macOS Sequoia
Impact: An app may be able to determine kernel memory layout
Description: A logging issue was addressed with improved data redaction.
CVE-2026-28943: Google Threat Analysis Group

IOKit
Available for: macOS Sequoia
Impact: An app may be able to cause unexpected system termination
Description: A use after free issue was addressed with improved memory management.
CVE-2026-28969: Mihalis Haatainen, Ari Hawking, Ashish Kunwar

Kernel
Available for: macOS Sequoia
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2026-43654: Vaagn Vardanian, Nathaniel Oh (@calysteon)

Kernel
Available for: macOS Sequoia
Impact: A maliciously crafted disk image may bypass Gatekeeper checks
Description: A file quarantine bypass was addressed with additional checks.
CVE-2026-28954: Yiğit Can YILMAZ (@yilmazcanyigit)

Kernel
Available for: macOS Sequoia
Impact: A local user may be able to cause unexpected system termination or read kernel memory
Description: A buffer overflow was addressed with improved input validation.
CVE-2026-28897: Robert Tran, popku1337, Billy Jheng Bing Jhong and Pan Zhenpeng (@Peterpan0927) of STAR Labs SG Pte. Ltd., Aswin kumar Gokulakannan

Kernel
Available for: macOS Sequoia
Impact: An app may be able to cause unexpected system termination
Description: An integer overflow was addressed with improved input validation.
CVE-2026-28952: Calif.io in collaboration with Claude and Anthropic Research

Kernel
Available for: macOS Sequoia
Impact: An app may be able to modify protected parts of the file system
Description: A denial of service issue was addressed by removing the vulnerable code.
CVE-2026-28908: beist

Kernel
Available for: macOS Sequoia
Impact: An app may be able to gain root privileges
Description: An authorization issue was addressed with improved state management.
CVE-2026-28951: Csaba Fitzl (@theevilbit) of Iru

Kernel
Available for: macOS Sequoia
Impact: An app may be able to cause unexpected system termination or write kernel memory
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2026-28972: Billy Jheng Bing Jhong and Pan Zhenpeng (@Peterpan0927) of STAR Labs SG Pte. Ltd., Ryan Hileman via Xint Code (xint.io)

Kernel
Available for: macOS Sequoia
Impact: An app may be able to cause unexpected system termination
Description: A race condition was addressed with additional validation.
CVE-2026-28986: Tristan Madani (@TristanInSec) from Talence Security, Ryan Hileman via Xint Code (xint.io), Chris Betz

Kernel
Available for: macOS Sequoia
Impact: An app may be able to leak sensitive kernel state
Description: A logging issue was addressed with improved data redaction.
CVE-2026-28987: Dhiyanesh Selvaraj (@redroot97)

Mail Drafts
Available for: macOS Sequoia
Impact: Replying to an email could display remote images in Mail in Lockdown Mode
Description: A logic issue was addressed with improved checks.
CVE-2026-28929: Yiğit Can YILMAZ (@yilmazcanyigit)

mDNSResponder
Available for: macOS Sequoia
Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory
Description: A use after free issue was addressed with improved memory management.
CVE-2026-43668: Ricardo Prado, Anton Pakhunov

mDNSResponder
Available for: macOS Sequoia
Impact: An attacker on the local network may be able to cause a denial-of-service
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2026-43666: Ian van der Wurff (ian.nl)

Model I/O
Available for: macOS Sequoia
Impact: Processing a maliciously crafted image may corrupt process memory
Description: The issue was addressed with improved memory handling.
CVE-2026-28940: Michael DePlante (@izobashi) of TrendAI Zero Day Initiative

Model I/O
Available for: macOS Sequoia
Impact: Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents
Description: The issue was addressed with improved checks.
CVE-2026-28941: Michael DePlante (@izobashi) of TrendAI Zero Day Initiative

Networking
Available for: macOS Sequoia
Impact: An attacker may be able to track users through their IP address
Description: This issue was addressed through improved state management.
CVE-2026-28906: Ilya Sc. Jowell A.

PackageKit
Available for: macOS Sequoia
Impact: An app may be able to gain root privileges
Description: A permissions issue was addressed with additional restrictions.
CVE-2026-28840: Morris Richman (@morrisinlife), Andrei Dodu

Quick Look
Available for: macOS Sequoia
Impact: Parsing a maliciously crafted file may lead to an unexpected app termination
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2026-43656: Peter Malone

SceneKit
Available for: macOS Sequoia
Impact: Processing a maliciously crafted image may corrupt process memory
Description: The issue was addressed with improved memory handling.
CVE-2026-39870: Peter Malone

SceneKit
Available for: macOS Sequoia
Impact: A remote attacker may be able to cause unexpected app termination
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2026-28846: Peter Malone

Shortcuts
Available for: macOS Sequoia
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by adding an additional prompt for user consent.
CVE-2026-28993: Doron Assness

SMB
Available for: macOS Sequoia
Impact: A remote attacker may be able to cause unexpected system termination
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2026-28848: Peter Malone, Dave G. and Alex Radocea of Supernetworks

Spotlight
Available for: macOS Sequoia
Impact: An app may be able to cause a denial-of-service
Description: This issue was addressed with improved checks to prevent unauthorized actions.
CVE-2026-28974: Andy Koo (@andykoo) of Hexens

Storage
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: A race condition was addressed with additional validation.
CVE-2026-28996: Alex Radocea

StorageKit
Available for: macOS Sequoia
Impact: An app may be able to gain root privileges
Description: A consistency issue was addressed with improved state handling.
CVE-2026-28919: Amy (amys.website)

Sync Services
Available for: macOS Sequoia
Impact: An app may be able to access Contacts without user consent
Description: A race condition was addressed with improved handling of symbolic links.
CVE-2026-28924: YingQi Shi (@Mas0nShi) of DBAppSecurity's WeBin lab, Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs

TV App
Available for: macOS Sequoia
Impact: An app may be able to observe unprotected user data
Description: A path handling issue was addressed with improved logic.
CVE-2026-39871: an anonymous researcher

Wi-Fi
Available for: macOS Sequoia
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2026-28819: Wang Yu

Wi-Fi
Available for: macOS Sequoia
Impact: An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Wi-Fi packets
Description: A use after free issue was addressed with improved memory management.
CVE-2026-28994: Alex Radocea

zlib
Available for: macOS Sequoia
Impact: Visiting a maliciously crafted website may leak sensitive data
Description: An information leakage was addressed with additional validation.
CVE-2026-28920: Brendon Tiszka of Google Project Zero

Additional recognition

Kernel
We would like to acknowledge Ryan Hileman via Xint Code (xint.io) for their assistance.

Location
We would like to acknowledge Kun Peeks (@SwayZGl1tZyyy) for their assistance.

OpenSSH
We would like to acknowledge Anand Patil for their assistance.
macOS Sequoia 15.7.7 may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/

All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
Current thread:
- APPLE-SA-05-11-2026-7 macOS Sequoia 15.7.7 Apple Product Security via Fulldisclosure (May 17)
