About the security content of macOS Sonoma 14.8.7

This document describes the security content of macOS Sonoma 14.8.7.

About Apple security updates

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

macOS Sonoma 14.8.7

APFS

Available for: macOS Sonoma

Impact: An app may be able to cause unexpected system termination

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2026-28959: Dave G.

AppleJPEG

Available for: macOS Sonoma

Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory

Description: A memory corruption issue was addressed with improved input validation.

CVE-2026-28956: impost0r (ret2plt)

Audio

Available for: macOS Sonoma

Impact: Processing an audio stream in a maliciously crafted media file may terminate the process

Description: The issue was addressed with improved memory handling.

CVE-2026-39869: David Ige of Beryllium Security

CoreMedia

Available for: macOS Sonoma

Impact: An app may be able to access private information

Description: This issue was addressed through improved state management.

CVE-2026-28922: Arni Hardarson

CoreServices

Available for: macOS Sonoma

Impact: Processing a maliciously crafted file may lead to unexpected app termination

Description: The issue was addressed with improved checks.

CVE-2026-28936: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs

CUPS

Available for: macOS Sonoma

Impact: An app may be able to gain root privileges

Description: A parsing issue in the handling of directory paths was addressed with improved path validation.

CVE-2026-28915: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs

FileProvider

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: A race condition was addressed with additional validation.

CVE-2026-43659: Alex Radocea

GPU Drivers

Available for: macOS Sonoma

Impact: A malicious app may be able to break out of its sandbox

Description: A logging issue was addressed with improved data redaction.

CVE-2026-28923: Kun Peeks (@SwayZGl1tZyyy)

HFS

Available for: macOS Sonoma

Impact: An app may be able to cause unexpected system termination or write kernel memory

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2026-28925: Dave G., Aswin Kumar Gokula Kannan

Icons

Available for: macOS Sonoma

Impact: An app may be able to break out of its sandbox

Description: An access issue was addressed with additional sandbox restrictions.

CVE-2025-43524: Csaba Fitzl (@theevilbit) of Iru

ImageIO

Available for: macOS Sonoma

Impact: Processing a maliciously crafted file may lead to unexpected app termination

Description: The issue was addressed with improved bounds checks.

CVE-2026-28977: Suresh Sundaram

ImageIO

Available for: macOS Sonoma

Impact: Processing a maliciously crafted image may corrupt process memory

Description: The issue was addressed with improved memory handling.

CVE-2026-28990: Jiri Ha, Arni Hardarson

Installer

Available for: macOS Sonoma

Impact: A malicious app may be able to break out of its sandbox

Description: A permissions issue was addressed with additional restrictions.

CVE-2026-28978: wdszzml and Atuin Automated Vulnerability Discovery Engine

IOHIDFamily

Available for: macOS Sonoma

Impact: An attacker may be able to cause unexpected app termination

Description: A memory corruption vulnerability was addressed with improved locking.

CVE-2026-28992: Johnny Franks (@zeroxjf)

IOHIDFamily

Available for: macOS Sonoma

Impact: An app may be able to determine kernel memory layout

Description: A logging issue was addressed with improved data redaction.

CVE-2026-28943: Google Threat Analysis Group

IOKit

Available for: macOS Sonoma

Impact: An app may be able to cause unexpected system termination

Description: A use after free issue was addressed with improved memory management.

CVE-2026-28969: Mihalis Haatainen, Ari Hawking, Ashish Kunwar

Kernel

Available for: macOS Sonoma

Impact: An app may be able to disclose kernel memory

Description: The issue was addressed with improved memory handling.

CVE-2026-43654: Vaagn Vardanian, Nathaniel Oh (@calysteon)

Kernel

Available for: macOS Sonoma

Impact: A maliciously crafted disk image may bypass Gatekeeper checks

Description: A file quarantine bypass was addressed with additional checks.

CVE-2026-28954: Yiğit Can YILMAZ (@yilmazcanyigit)

Kernel

Available for: macOS Sonoma

Impact: A local user may be able to cause unexpected system termination or read kernel memory

Description: A buffer overflow was addressed with improved input validation.

CVE-2026-28897: Robert Tran, popku1337, Billy Jheng Bing Jhong and Pan Zhenpeng (@Peterpan0927) of STAR Labs SG Pte. Ltd., Aswin kumar Gokulakannan

Kernel

Available for: macOS Sonoma

Impact: An app may be able to cause unexpected system termination

Description: An integer overflow was addressed with improved input validation.

CVE-2026-28952: Calif.io in collaboration with Claude and Anthropic Research

Kernel

Available for: macOS Sonoma

Impact: An app may be able to modify protected parts of the file system

Description: A denial of service issue was addressed by removing the vulnerable code.

CVE-2026-28908: beist

Kernel

Available for: macOS Sonoma

Impact: An app may be able to gain root privileges

Description: An authorization issue was addressed with improved state management.

CVE-2026-28951: Csaba Fitzl (@theevilbit) of Iru

Kernel

Available for: macOS Sonoma

Impact: An app may be able to cause unexpected system termination or write kernel memory

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2026-28972: Billy Jheng Bing Jhong and Pan Zhenpeng (@Peterpan0927) of STAR Labs SG Pte. Ltd., Ryan Hileman via Xint Code (xint.io)

Kernel

Available for: macOS Sonoma

Impact: An app may be able to cause unexpected system termination

Description: A race condition was addressed with additional validation.

CVE-2026-28986: Tristan Madani (@TristanInSec) from Talence Security, Ryan Hileman via Xint Code (xint.io), Chris Betz

Kernel

Available for: macOS Sonoma

Impact: An app may be able to leak sensitive kernel state

Description: A logging issue was addressed with improved data redaction.

CVE-2026-28987: Dhiyanesh Selvaraj (@redroot97)

Mail Drafts

Available for: macOS Sonoma

Impact: Replying to an email could display remote images in Mail in Lockdown Mode

Description: A logic issue was addressed with improved checks.

CVE-2026-28929: Yiğit Can YILMAZ (@yilmazcanyigit)

mDNSResponder

Available for: macOS Sonoma

Impact: An attacker on the local network may be able to cause a denial-of-service

Description: The issue was addressed with improved memory handling.

CVE-2026-43653: Atul R V

mDNSResponder

Available for: macOS Sonoma

Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory

Description: A use after free issue was addressed with improved memory management.

CVE-2026-43668: Anton Pakhunov, Ricardo Prado

mDNSResponder

Available for: macOS Sonoma

Impact: An attacker on the local network may be able to cause a denial-of-service

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2026-43666: Ian van der Wurff (ian.nl)

Networking

Available for: macOS Sonoma

Impact: An attacker may be able to track users through their IP address

Description: This issue was addressed through improved state management.

CVE-2026-28906: Ilya Sc. Jowell A.

PackageKit

Available for: macOS Sonoma

Impact: An app may be able to gain root privileges

Description: A permissions issue was addressed with additional restrictions.

CVE-2026-28840: Morris Richman (@morrisinlife), Andrei Dodu

Quick Look

Available for: macOS Sonoma

Impact: Parsing a maliciously crafted file may lead to an unexpected app termination

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2026-43656: Peter Malone

SceneKit

Available for: macOS Sonoma

Impact: Processing a maliciously crafted image may corrupt process memory

Description: The issue was addressed with improved memory handling.

CVE-2026-39870: Peter Malone

SceneKit

Available for: macOS Sonoma

Impact: A remote attacker may be able to cause unexpected app termination

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2026-28846: Peter Malone

Shortcuts

Available for: macOS Sonoma

Impact: An app may be able to access user-sensitive data

Description: This issue was addressed by adding an additional prompt for user consent.

CVE-2026-28993: Doron Assness

Storage

Available for: macOS Sonoma

Impact: An app may be able to access sensitive user data

Description: A race condition was addressed with additional validation.

CVE-2026-28996: Alex Radocea

StorageKit

Available for: macOS Sonoma

Impact: An app may be able to gain root privileges

Description: A consistency issue was addressed with improved state handling.

CVE-2026-28919: Amy (amys.website)

Sync Services

Available for: macOS Sonoma

Impact: An app may be able to access Contacts without user consent

Description: A race condition was addressed with improved handling of symbolic links.

CVE-2026-28924: YingQi Shi (@Mas0nShi) of DBAppSecurity's WeBin lab, Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs

TV App

Available for: macOS Sonoma

Impact: An app may be able to observe unprotected user data

Description: A path handling issue was addressed with improved logic.

CVE-2026-39871: an anonymous researcher

Wi-Fi

Available for: macOS Sonoma

Impact: An app may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2026-28819: Wang Yu

Wi-Fi

Available for: macOS Sonoma

Impact: An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Wi-Fi packets

Description: A use after free issue was addressed with improved memory management.

CVE-2026-28994: Alex Radocea

zlib

Available for: macOS Sonoma

Impact: Visiting a maliciously crafted website may leak sensitive data

Description: An information leakage was addressed with additional validation.

CVE-2026-28920: Brendon Tiszka of Google Project Zero

Additional recognition

Kernel

We would like to acknowledge Ryan Hileman via Xint Code (xint.io) for their assistance.