This document describes the security content of macOS Sonoma 14.8.7.
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page.
Apple security documents reference vulnerabilities by CVE-ID when possible.
For more information about security, see the Apple Product Security page.
Released May 11, 2026
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2026-28959: Dave G.
Available for: macOS Sonoma
Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory
Description: A memory corruption issue was addressed with improved input validation.
CVE-2026-28956: impost0r (ret2plt)
Available for: macOS Sonoma
Impact: Processing an audio stream in a maliciously crafted media file may terminate the process
Description: The issue was addressed with improved memory handling.
CVE-2026-39869: David Ige of Beryllium Security
Available for: macOS Sonoma
Impact: An app may be able to access private information
Description: This issue was addressed through improved state management.
CVE-2026-28922: Arni Hardarson
Available for: macOS Sonoma
Impact: Processing a maliciously crafted file may lead to unexpected app termination
Description: The issue was addressed with improved checks.
CVE-2026-28936: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs
Available for: macOS Sonoma
Impact: An app may be able to gain root privileges
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2026-28915: Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A race condition was addressed with additional validation.
CVE-2026-43659: Alex Radocea
Available for: macOS Sonoma
Impact: A malicious app may be able to break out of its sandbox
Description: A logging issue was addressed with improved data redaction.
CVE-2026-28923: Kun Peeks (@SwayZGl1tZyyy)
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination or write kernel memory
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2026-28925: Dave G., Aswin Kumar Gokula Kannan
Available for: macOS Sonoma
Impact: An app may be able to break out of its sandbox
Description: An access issue was addressed with additional sandbox restrictions.
CVE-2025-43524: Csaba Fitzl (@theevilbit) of Iru
Available for: macOS Sonoma
Impact: Processing a maliciously crafted file may lead to unexpected app termination
Description: The issue was addressed with improved bounds checks.
CVE-2026-28977: Suresh Sundaram
Available for: macOS Sonoma
Impact: Processing a maliciously crafted image may corrupt process memory
Description: The issue was addressed with improved memory handling.
CVE-2026-28990: Jiri Ha, Arni Hardarson
Available for: macOS Sonoma
Impact: A malicious app may be able to break out of its sandbox
Description: A permissions issue was addressed with additional restrictions.
CVE-2026-28978: wdszzml and Atuin Automated Vulnerability Discovery Engine
Available for: macOS Sonoma
Impact: An attacker may be able to cause unexpected app termination
Description: A memory corruption vulnerability was addressed with improved locking.
CVE-2026-28992: Johnny Franks (@zeroxjf)
Available for: macOS Sonoma
Impact: An app may be able to determine kernel memory layout
Description: A logging issue was addressed with improved data redaction.
CVE-2026-28943: Google Threat Analysis Group
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination
Description: A use after free issue was addressed with improved memory management.
CVE-2026-28969: Mihalis Haatainen, Ari Hawking, Ashish Kunwar
Available for: macOS Sonoma
Impact: An app may be able to disclose kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2026-43654: Vaagn Vardanian, Nathaniel Oh (@calysteon)
Available for: macOS Sonoma
Impact: A maliciously crafted disk image may bypass Gatekeeper checks
Description: A file quarantine bypass was addressed with additional checks.
CVE-2026-28954: Yiğit Can YILMAZ (@yilmazcanyigit)
Available for: macOS Sonoma
Impact: A local user may be able to cause unexpected system termination or read kernel memory
Description: A buffer overflow was addressed with improved input validation.
CVE-2026-28897: Robert Tran, popku1337, Billy Jheng Bing Jhong and Pan Zhenpeng (@Peterpan0927) of STAR Labs SG Pte. Ltd., Aswin kumar Gokulakannan
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination
Description: An integer overflow was addressed with improved input validation.
CVE-2026-28952: Calif.io in collaboration with Claude and Anthropic Research
Available for: macOS Sonoma
Impact: An app may be able to modify protected parts of the file system
Description: A denial of service issue was addressed by removing the vulnerable code.
CVE-2026-28908: beist
Available for: macOS Sonoma
Impact: An app may be able to gain root privileges
Description: An authorization issue was addressed with improved state management.
CVE-2026-28951: Csaba Fitzl (@theevilbit) of Iru
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination or write kernel memory
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2026-28972: Billy Jheng Bing Jhong and Pan Zhenpeng (@Peterpan0927) of STAR Labs SG Pte. Ltd., Ryan Hileman via Xint Code (xint.io)
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination
Description: A race condition was addressed with additional validation.
CVE-2026-28986: Tristan Madani (@TristanInSec) from Talence Security, Ryan Hileman via Xint Code (xint.io), Chris Betz
Available for: macOS Sonoma
Impact: An app may be able to leak sensitive kernel state
Description: A logging issue was addressed with improved data redaction.
CVE-2026-28987: Dhiyanesh Selvaraj (@redroot97)
Available for: macOS Sonoma
Impact: Replying to an email could display remote images in Mail in Lockdown Mode
Description: A logic issue was addressed with improved checks.
CVE-2026-28929: Yiğit Can YILMAZ (@yilmazcanyigit)
Available for: macOS Sonoma
Impact: An attacker on the local network may be able to cause a denial-of-service
Description: The issue was addressed with improved memory handling.
CVE-2026-43653: Atul R V
Available for: macOS Sonoma
Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory
Description: A use after free issue was addressed with improved memory management.
CVE-2026-43668: Anton Pakhunov, Ricardo Prado
Available for: macOS Sonoma
Impact: An attacker on the local network may be able to cause a denial-of-service
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2026-43666: Ian van der Wurff (ian.nl)
Available for: macOS Sonoma
Impact: An attacker may be able to track users through their IP address
Description: This issue was addressed through improved state management.
CVE-2026-28906: Ilya Sc. Jowell A.
Available for: macOS Sonoma
Impact: An app may be able to gain root privileges
Description: A permissions issue was addressed with additional restrictions.
CVE-2026-28840: Morris Richman (@morrisinlife), Andrei Dodu
Available for: macOS Sonoma
Impact: Parsing a maliciously crafted file may lead to an unexpected app termination
Description: An out-of-bounds write issue was addressed with improved input validation.
CVE-2026-43656: Peter Malone
Available for: macOS Sonoma
Impact: Processing a maliciously crafted image may corrupt process memory
Description: The issue was addressed with improved memory handling.
CVE-2026-39870: Peter Malone
Available for: macOS Sonoma
Impact: A remote attacker may be able to cause unexpected app termination
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2026-28846: Peter Malone
Available for: macOS Sonoma
Impact: An app may be able to access user-sensitive data
Description: This issue was addressed by adding an additional prompt for user consent.
CVE-2026-28993: Doron Assness
Available for: macOS Sonoma
Impact: An app may be able to access sensitive user data
Description: A race condition was addressed with additional validation.
CVE-2026-28996: Alex Radocea
Available for: macOS Sonoma
Impact: An app may be able to gain root privileges
Description: A consistency issue was addressed with improved state handling.
CVE-2026-28919: Amy (amys.website)
Available for: macOS Sonoma
Impact: An app may be able to access Contacts without user consent
Description: A race condition was addressed with improved handling of symbolic links.
CVE-2026-28924: YingQi Shi (@Mas0nShi) of DBAppSecurity's WeBin lab, Andreas Jaegersberger & Ro Achterberg of Nosebeard Labs
Available for: macOS Sonoma
Impact: An app may be able to observe unprotected user data
Description: A path handling issue was addressed with improved logic.
CVE-2026-39871: an anonymous researcher
Available for: macOS Sonoma
Impact: An app may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2026-28819: Wang Yu
Available for: macOS Sonoma
Impact: An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Wi-Fi packets
Description: A use after free issue was addressed with improved memory management.
CVE-2026-28994: Alex Radocea
Available for: macOS Sonoma
Impact: Visiting a maliciously crafted website may leak sensitive data
Description: An information leakage was addressed with additional validation.
CVE-2026-28920: Brendon Tiszka of Google Project Zero
We would like to acknowledge Ryan Hileman via Xint Code (xint.io) for their assistance.