APPLE-SA-05-11-2026-8 macOS Sonoma 14.8.7

[Apple Product Security via Fulldisclosure <fulldisclosure () seclists org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-05-11-2026-8 macOS Sonoma 14.8.7

macOS Sonoma 14.8.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127117.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

APFS
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2026-28959: Dave G.

AppleJPEG
Available for: macOS Sonoma
Impact: Processing a maliciously crafted media file may lead to
unexpected app termination or corrupt process memory
Description: A memory corruption issue was addressed with improved input
validation.
CVE-2026-28956: impost0r (ret2plt)

Audio
Available for: macOS Sonoma
Impact: Processing an audio stream in a maliciously crafted media file
may terminate the process
Description: The issue was addressed with improved memory handling.
CVE-2026-39869: David Ige of Beryllium Security

CoreMedia
Available for: macOS Sonoma
Impact: An app may be able to access private information
Description: This issue was addressed through improved state management.
CVE-2026-28922: Arni Hardarson

CoreServices
Available for: macOS Sonoma
Impact: Processing a maliciously crafted file may lead to unexpected app
termination
Description: The issue was addressed with improved checks.
CVE-2026-28936: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs

CUPS
Available for: macOS Sonoma
Impact: An app may be able to gain root privileges
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2026-28915: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs

FileProvider
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A race condition was addressed with additional validation.
CVE-2026-43659: Alex Radocea

GPU Drivers
Available for: macOS Sonoma
Impact: A malicious app may be able to break out of its sandbox
Description: A logging issue was addressed with improved data redaction.
CVE-2026-28923: Kun Peeks (@SwayZGl1tZyyy)

HFS
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination or
write kernel memory
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2026-28925: Dave G., Aswin Kumar Gokula Kannan

Icons
Available for: macOS Sonoma
Impact: An app may be able to break out of its sandbox
Description: An access issue was addressed with additional sandbox
restrictions.
CVE-2025-43524: Csaba Fitzl (@theevilbit) of Iru

ImageIO
Available for: macOS Sonoma
Impact: Processing a maliciously crafted file may lead to unexpected app
termination
Description: The issue was addressed with improved bounds checks.
CVE-2026-28977: Suresh Sundaram

ImageIO
Available for: macOS Sonoma
Impact: Processing a maliciously crafted image may corrupt process
memory
Description: The issue was addressed with improved memory handling.
CVE-2026-28990: Jiri Ha, Arni Hardarson

Installer
Available for: macOS Sonoma
Impact: A malicious app may be able to break out of its sandbox
Description: A permissions issue was addressed with additional
restrictions.
CVE-2026-28978: wdszzml and Atuin Automated Vulnerability Discovery
Engine

IOHIDFamily
Available for: macOS Sonoma
Impact: An attacker may be able to cause unexpected app termination
Description: A memory corruption vulnerability was addressed with
improved locking.
CVE-2026-28992: Johnny Franks (@zeroxjf)

IOHIDFamily
Available for: macOS Sonoma
Impact: An app may be able to determine kernel memory layout
Description: A logging issue was addressed with improved data redaction.
CVE-2026-28943: Google Threat Analysis Group

IOKit
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination
Description: A use after free issue was addressed with improved memory
management.
CVE-2026-28969: Mihalis Haatainen, Ari Hawking, Ashish Kunwar

Kernel
Available for: macOS Sonoma
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2026-43654: Vaagn Vardanian, Nathaniel Oh (@calysteon)

Kernel
Available for: macOS Sonoma
Impact: A maliciously crafted disk image may bypass Gatekeeper checks
Description: A file quarantine bypass was addressed with additional
checks.
CVE-2026-28954: Yiğit Can YILMAZ (@yilmazcanyigit)

Kernel
Available for: macOS Sonoma
Impact: A local user may be able to cause unexpected system termination
or read kernel memory
Description: A buffer overflow was addressed with improved input
validation.
CVE-2026-28897: Robert Tran, popku1337, Billy Jheng Bing Jhong and Pan
Zhenpeng (@Peterpan0927) of STAR Labs SG Pte. Ltd., Aswin kumar
Gokulakannan

Kernel
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination
Description: An integer overflow was addressed with improved input
validation.
CVE-2026-28952: Calif.io in collaboration with Claude and Anthropic
Research

Kernel
Available for: macOS Sonoma
Impact: An app may be able to modify protected parts of the file system
Description: A denial of service issue was addressed by removing the
vulnerable code.
CVE-2026-28908: beist

Kernel
Available for: macOS Sonoma
Impact: An app may be able to gain root privileges
Description: An authorization issue was addressed with improved state
management.
CVE-2026-28951: Csaba Fitzl (@theevilbit) of Iru

Kernel
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination or
write kernel memory
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2026-28972: Billy Jheng Bing Jhong and Pan Zhenpeng (@Peterpan0927)
of STAR Labs SG Pte. Ltd., Ryan Hileman via Xint Code (xint.io)

Kernel
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination
Description: A race condition was addressed with additional validation.
CVE-2026-28986: Tristan Madani (@TristanInSec) from Talence Security,
Ryan Hileman via Xint Code (xint.io), Chris Betz

Kernel
Available for: macOS Sonoma
Impact: An app may be able to leak sensitive kernel state
Description: A logging issue was addressed with improved data redaction.
CVE-2026-28987: Dhiyanesh Selvaraj (@redroot97)

Mail Drafts
Available for: macOS Sonoma
Impact: Replying to an email could display remote images in Mail in
Lockdown Mode
Description: A logic issue was addressed with improved checks.
CVE-2026-28929: Yiğit Can YILMAZ (@yilmazcanyigit)

mDNSResponder
Available for: macOS Sonoma
Impact: An attacker on the local network may be able to cause a
denial-of-service
Description: The issue was addressed with improved memory handling.
CVE-2026-43653: Atul R V

mDNSResponder
Available for: macOS Sonoma
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: A use after free issue was addressed with improved memory
management.
CVE-2026-43668: Anton Pakhunov, Ricardo Prado

mDNSResponder
Available for: macOS Sonoma
Impact: An attacker on the local network may be able to cause a
denial-of-service
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2026-43666: Ian van der Wurff (ian.nl)

Networking
Available for: macOS Sonoma
Impact: An attacker may be able to track users through their IP address
Description: This issue was addressed through improved state management.
CVE-2026-28906: Ilya Sc. Jowell A.

PackageKit
Available for: macOS Sonoma
Impact: An app may be able to gain root privileges
Description: A permissions issue was addressed with additional
restrictions.
CVE-2026-28840: Morris Richman (@morrisinlife), Andrei Dodu

Quick Look
Available for: macOS Sonoma
Impact: Parsing a maliciously crafted file may lead to an unexpected app
termination
Description: An out-of-bounds write issue was addressed with improved
input validation.
CVE-2026-43656: Peter Malone

SceneKit
Available for: macOS Sonoma
Impact: Processing a maliciously crafted image may corrupt process
memory
Description: The issue was addressed with improved memory handling.
CVE-2026-39870: Peter Malone

SceneKit
Available for: macOS Sonoma
Impact: A remote attacker may be able to cause unexpected app
termination
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2026-28846: Peter Malone

Shortcuts
Available for: macOS Sonoma
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by adding an additional prompt for
user consent.
CVE-2026-28993: Doron Assness

Storage
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A race condition was addressed with additional validation.
CVE-2026-28996: Alex Radocea

StorageKit
Available for: macOS Sonoma
Impact: An app may be able to gain root privileges
Description: A consistency issue was addressed with improved state
handling.
CVE-2026-28919: Amy (amys.website)

Sync Services
Available for: macOS Sonoma
Impact: An app may be able to access Contacts without user consent
Description: A race condition was addressed with improved handling of
symbolic links.
CVE-2026-28924: YingQi Shi (@Mas0nShi) of DBAppSecurity's WeBin lab,
Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs

TV App
Available for: macOS Sonoma
Impact: An app may be able to observe unprotected user data
Description: A path handling issue was addressed with improved logic.
CVE-2026-39871: an anonymous researcher

Wi-Fi
Available for: macOS Sonoma
Impact: An app may be able to execute arbitrary code with kernel
privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2026-28819: Wang Yu

Wi-Fi
Available for: macOS Sonoma
Impact: An attacker in a privileged network position may be able to
perform denial-of-service attack using crafted Wi-Fi packets
Description: A use after free issue was addressed with improved memory
management.
CVE-2026-28994: Alex Radocea

zlib
Available for: macOS Sonoma
Impact: Visiting a maliciously crafted website may leak sensitive data
Description: An information leakage was addressed with additional
validation.
CVE-2026-28920: Brendon Tiszka of Google Project Zero

Additional recognition

Kernel
We would like to acknowledge Ryan Hileman via Xint Code (xint.io) for
their assistance.

macOS Sonoma 14.8.7 may be obtained from the Mac App Store or Apple's
Software Downloads web site: https://support.apple.com/downloads/

All information is also posted on the Apple Security Releases
web site: https://support.apple.com/100100.

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEhjkl+zMLNwFiCT1o4Ifiq8DH7PUFAmoCVlYACgkQ4Ifiq8DH
7PVp5w//SglYZemu6sqjanvv4ERY0GWQbGtGOPxHspofA4uQoXGRylcbcHVOYLdV
THJRmh8ycwM38xi+Md2bDeCPhCFANN1GGQHmu2rgGITd7XHkWRkRXixpvjmObm77
LWPe/jMmVM8bug7U5cfUeuX+r/lsxoC2nFonlrD/D9NCLURnxdLgcka6NDYwGX7j
HknZUf2pW4LOTiVa12DgrEMrGnq/lf2Jbn3BrNWn8RRSXD9FiuSY5C7HmkRDThyq
v+1bKO8NeCxrVfFwrkXMwb4TmCwuTDLz215ZOzMj9FQqBU5MdLevKf5KYZNu9y61
KuNo6Jvhmo2V9gn4P7yZSr5SpcCFFZevjrDldyDBrbVsp2zjyoXECfhvszHhjTB2
tI2wywFgCwreLM2xxSiySTeBTqTgoEyUv1Kry+47CvROMn1XgGojVHg37UXbTPF1
LunB5ZBBXBTMCshJBX8hq8hPoJW4wH+G1hI2iO8I1QfS49OXhPGl3U2tB6HGiPoI
pC8QW+fBkRPCodDFVXAyewuRu2mZETEmgfb+jO344FJ77F9Y9G8NUGx1Na+YIwQ7
2Y1TzGUJGZQYxvMKA2sV2shdDnXXaP6chnFxtVYnLbdicZb7LtbWYywIlp/8KZ7X
rWjdcSihzCoMTzxH0FYcx1gwQbS4qlD0Bs0PcHUH7IPg/I6YjM4=
=yev/
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/