This document describes the security content of macOS Sequoia 15.7.5.
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page.
Apple security documents reference vulnerabilities by CVE-ID when possible.
For more information about security, see the Apple Product Security page.
Released March 24, 2026
Available for: macOS Sequoia
Impact: An attacker in a privileged network position may be able to intercept network traffic
Description: An authentication issue was addressed with improved state management.
CVE-2026-28865: Héloïse Gollier and Mathy Vanhoef (KU Leuven)
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: An authorization issue was addressed with improved state management.
CVE-2026-28877: Rosyna Keller of Totally Not Malicious Software
Available for: macOS Sequoia
Impact: Multiple issues in Apache
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2025-55753
CVE-2025-58098
CVE-2025-59775
CVE-2025-65082
CVE-2025-66200
Available for: macOS Sequoia
Impact: An app may be able to cause unexpected system termination
Description: A use after free issue was addressed with improved memory management.
CVE-2026-20637: Johnny Franks (zeroxjf), an anonymous researcher
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: An authorization issue was addressed with improved state management.
CVE-2026-28824: Mickey Jin (@patch1t)
Available for: macOS Sequoia
Impact: An app may be able to access user-sensitive data
Description: A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions.
CVE-2026-20699: Mickey Jin (@patch1t)
Available for: macOS Sequoia
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: A use-after-free issue was addressed with improved memory management.
CVE-2026-28879: Justin Cohen of Google
Available for: macOS Sequoia
Impact: An attacker may be able to cause unexpected app termination
Description: A type confusion issue was addressed with improved memory handling.
CVE-2026-28822: Jex Amro
Available for: macOS Sequoia
Impact: A remote attacker may be able to cause a denial-of-service
Description: A denial-of-service issue was addressed with improved input validation.
CVE-2026-28894: an anonymous researcher
Available for: macOS Sequoia
Impact: A remote user may be able to write arbitrary files
Description: A path handling issue was addressed with improved logic.
CVE-2026-20660: Amy (amys.website)
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with improved validation of symlinks.
CVE-2026-28866: Cristian Dinca (icmd.tech)
Available for: macOS Sequoia
Impact: Processing a maliciously crafted string may lead to heap corruption
Description: An integer overflow was addressed with improved input validation.
CVE-2026-20639: @cloudlldb of @pixiepointsec
Available for: macOS Sequoia
Impact: Processing an audio stream in a maliciously crafted media file may terminate the process
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2026-20690: Hossein Lotfi (@hosselot) of TrendAI Zero Day Initiative
Entry updated May 11, 2026
Available for: macOS Sequoia
Impact: An app may be able to gain elevated privileges
Description: A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement.
CVE-2026-28821: YingQi Shi (@Mas0nShi) of DBAppSecurity's WeBin lab
Available for: macOS Sequoia
Impact: An app may be able to break out of its sandbox
Description: A permissions issue was addressed with additional sandbox restrictions.
CVE-2026-28838: an anonymous researcher
Available for: macOS Sequoia
Impact: A user in a privileged network position may be able to cause a denial-of-service
Description: A null pointer dereference was addressed with improved input validation.
CVE-2026-28886: Etienne Charron (Renault) and Victoria Martini (Renault)
Available for: macOS Sequoia
Impact: An app may be able to gain root privileges
Description: A race condition was addressed with improved state handling.
CVE-2026-28888: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs
Available for: macOS Sequoia
Impact: An issue existed in curl which may result in unintentionally sending sensitive information via an incorrect connection
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2025-14524
Available for: macOS Sequoia
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed with improved handling of symlinks.
CVE-2026-20633: Mickey Jin (@patch1t)
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2026-28876: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs
Available for: macOS Sequoia
Impact: An app may be able to modify protected parts of the file system
Description: A permissions issue was addressed by removing the vulnerable code.
CVE-2026-28892: 风沐云烟 (@binary_fmyy) and Minghao Lin (@Y1nKoc)
Available for: macOS Sequoia
Impact: An app may be able to disclose kernel memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2026-28832: DARKNAVY (@DarkNavyOrg)
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: A logging issue was addressed with improved data redaction.
CVE-2026-20668: Kirin (@Pwnrin)
Available for: macOS Sequoia
Impact: An app may be able to cause unexpected system termination
Description: A race condition was addressed with improved state handling.
CVE-2026-28834: an anonymous researcher
Available for: macOS Sequoia
Impact: An app may be able to enumerate a user's installed apps
Description: A permissions issue was addressed with additional restrictions.
CVE-2026-28880: Zhongcheng Li from IES Red Team
Available for: macOS Sequoia
Impact: Processing a maliciously crafted file may lead to unexpected app termination
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2025-64505
Available for: macOS Sequoia
Impact: An app may be able to disclose kernel memory
Description: A logging issue was addressed with improved data redaction.
CVE-2026-28868: Gor Aleksanyan, Dhiyanesh Selvaraj (@redroot97), 이동하 (Lee Dong Ha of BoB 0xB6)
Entry updated May 11, 2026
Available for: macOS Sequoia
Impact: An app may be able to leak sensitive kernel state
Description: This issue was addressed with improved authentication.
CVE-2026-28867: Jian Lee (@speedyfriend433)
Available for: macOS Sequoia
Impact: An app may be able to determine kernel memory layout
Description: An information disclosure issue was addressed with improved memory management.
CVE-2026-20695: Gor Aleksanyan, 이동하 (Lee Dong Ha of BoB 0xB6) working with TrendAI Zero Day Initiative, hari shanmugam
Entry updated May 11, 2026
Available for: macOS Sequoia
Impact: An app may be able to cause unexpected system termination or write kernel memory
Description: A use after free issue was addressed with improved memory management.
CVE-2026-20687: Johnny Franks (@zeroxjf)
Available for: macOS Sequoia
Impact: An app may be able to modify protected parts of the file system
Description: A permissions issue was addressed with additional restrictions.
CVE-2026-28829: Sreejith Krishnan R
Available for: macOS Sequoia
Impact: An app may be able to access protected user data
Description: A permissions issue was addressed with additional restrictions.
CVE-2026-20607: an anonymous researcher
Available for: macOS Sequoia
Impact: "Hide IP Address" and "Block All Remote Content" may not apply to all mail content
Description: A privacy issue was addressed with improved handling of user preferences.
CVE-2026-20692: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs, Himanshu Bharti (@Xpl0itme) from Khatima
Entry updated May 11, 2026
Available for: macOS Sequoia
Impact: An app may be able to leak sensitive kernel state
Description: This issue was addressed with improved authentication.
CVE-2026-28867: Jian Lee (@speedyfriend433)
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: A privacy issue was addressed with improved handling of temporary files.
CVE-2026-20651: Chunyu Song of NorthSea
Available for: macOS Sequoia
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed with improved handling of symlinks.
CVE-2026-20694: Rodolphe Brunetti (@eisw0lf) of Lupus Nova
Available for: macOS Sequoia
Impact: An app may be able to break out of its sandbox
Description: A race condition was addressed with additional validation.
CVE-2026-28891: an anonymous researcher
Available for: macOS Sequoia
Impact: An app may be able to connect to a network share without user consent
Description: An access issue was addressed with additional sandbox restrictions.
CVE-2026-20701: Matej Moravec (@MacejkoMoravec)
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: The issue was addressed with improved checks.
CVE-2026-28839: Mickey Jin (@patch1t)
Available for: macOS Sequoia
Impact: An app may be able to break out of its sandbox
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2026-28827: Csaba Fitzl (@theevilbit) of Iru, an anonymous researcher
Available for: macOS Sequoia
Impact: An app may be able to delete files for which it does not have permission
Description: A path handling issue was addressed with improved validation.
CVE-2026-28816: Dawuge of Shuffle Team and Hunan University
Available for: macOS Sequoia
Impact: A malicious app may be able to break out of its sandbox
Description: A logic issue was addressed with improved restrictions.
CVE-2026-28826: an anonymous researcher
Entry added May 11, 2026
Available for: macOS Sequoia
Impact: An attacker with root privileges may be able to delete protected system files
Description: This issue was addressed through improved state management.
CVE-2026-20693: Mickey Jin (@patch1t)
Available for: macOS Sequoia
Impact: An app may be able to access user-sensitive data
Description: A privacy issue was addressed with improved private data redaction for log entries.
CVE-2026-28862: Kun Peeks (@SwayZGl1tZyyy)
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: An authorization issue was addressed with improved state management.
CVE-2026-28831: an anonymous researcher
Available for: macOS Sequoia
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: A race condition was addressed with improved state handling.
CVE-2026-28817: Gyujeong Jin (@G1uN4sh) at Team.0xb6
Available for: macOS Sequoia
Impact: An app may be able to break out of its sandbox
Description: A path handling issue was addressed with improved validation.
CVE-2026-20688: wdszzml and Atuin Automated Vulnerability Discovery Engine
Available for: macOS Sequoia
Impact: A local attacker may gain access to user's Keychain items
Description: This issue was addressed with improved permissions checking.
CVE-2026-28864: Alex Radocea
Available for: macOS Sequoia
Impact: A local attacker may be able to modify the state of the Keychain
Description: The issue was addressed with improved input validation.
CVE-2026-28860: Alex Radocea
Entry added May 11, 2026
Available for: macOS Sequoia
Impact: Mounting a maliciously crafted SMB network share may lead to system termination
Description: A use-after-free issue was addressed with improved memory management.
CVE-2026-28835: Christian Kohlschütter
Available for: macOS Sequoia
Impact: An app may be able to modify protected parts of the file system
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2026-28825: Sreejith Krishnan R and Dave G.
Entry updated May 11, 2026
Available for: macOS Sequoia
Impact: An app may be able to access user-sensitive data
Description: A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions.
CVE-2026-20699: Mickey Jin (@patch1t)
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: A logging issue was addressed with improved data redaction.
CVE-2026-28818: @pixiepointsec
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed with additional restrictions.
CVE-2026-20697: @pixiepointsec
Available for: macOS Sequoia
Impact: An app may be able to access sensitive user data
Description: A permissions issue was addressed by removing the vulnerable code.
CVE-2026-28828: Mickey Jin (@patch1t)
Available for: macOS Sequoia
Impact: An app may be able to cause a denial-of-service
Description: A stack overflow was addressed with improved input validation.
CVE-2026-28852: Caspian Tarafdar
Available for: macOS Sequoia
Impact: Parsing a maliciously crafted file may lead to an unexpected app termination
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2026-20657: Andrew Becker
Entry updated May 11, 2026
Available for: macOS Sequoia
Impact: An app may be able to modify protected parts of the file system
Description: A permissions issue was addressed with additional restrictions.
CVE-2026-28829: Sreejith Krishnan R
We would like to acknowledge Sota Toyokura for their assistance.
We would like to acknowledge Mustafa Calap for their assistance.
Entry added May 11, 2026
We would like to acknowledge YingQi Shi (@Mas0nShi) of DBAppSecurity's WeBin lab, Fein, Iccccc & Ziiiro for their assistance.
We would like to acknowledge Wang Yu of Cyberserval for their assistance.
We would like to acknowledge Xinru Chi of Pangu Lab for their assistance.
We would like to acknowledge Dawuge of Shuffle Team and Hunan University for their assistance.
We would like to acknowledge Dave G. for their assistance.
We would like to acknowledge Waleed Barakat (@WilDN00B) and Paul Montgomery (@nullevent) for their assistance.