Description
CVE-2026-28881 is a privacy issue in the iCloud component of macOS related to how sensitive data was moved/stored. According to Apple's advisory, the flaw could allow an app to access sensitive user data. This was a jointly-credited discovery: Ye Zhang of Baidu Security, Ryan Dowd (@_rdowd), and Csaba Fitzl (@theevilbit) of Iru.
Impact
Exploitation of this vulnerability could allow a local app to access sensitive user data it shouldn't have access to via iCloud. Apple addressed the issue by moving the sensitive data to a protected location in macOS Tahoe 26.4.
CVE-2026-28827
A critical vulnerability in macOS Tahoe could allow sandboxed apps to escape their confines. Learn about CVE-2026-28827 and how Apple has addressed this issue.
Learn MoreCVE-2025-24201
CVE-2025-24201 is an out-of-bounds write vulnerability in WebKit, Apple's browser engine. Maliciously crafted web content could exploit this issue to break out of the Web Content sandbox, potentially leading to arbitrary code execution. Apple addressed this vulnerability by implementing improved che
Learn MoreCVE-2026-20617
CVE-2026-20617 is a critical security vulnerability in macOS that could allow apps to gain root privileges. Learn about its impact and the necessary updates.
Learn More