Apple has released macOS Tahoe 26.5 addressing over 70 security vulnerabilities, including critical issues that could allow privilege escalation, sandbox escapes, and kernel memory access.
Apple has released macOS Tahoe 26.5, a security-focused update that addresses more than 70 vulnerabilities across various components of the operating system. The update, released on May 11, 2026, includes patches for issues ranging from kernel-level exploits to web rendering vulnerabilities in WebKit.
Among the most critical vulnerabilities addressed is CVE-2026-28994 in the Wi-Fi component, which could allow an attacker in a privileged network position to execute arbitrary code with kernel privileges. Similarly, CVE-2026-28819 in Wi-Fi could enable denial-of-service attacks using crafted Wi-Fi packets.
WebKit, the web rendering engine used in Safari, received significant attention in this update, with multiple vulnerabilities patched. CVE-2026-43660 and CVE-2026-28907 both address issues where processing maliciously crafted web content could prevent Content Security Policy from being enforced, potentially allowing cross-site scripting attacks. Another WebKit vulnerability (CVE-2026-28971) could lead to unexpected process crashes when processing malicious content.
Several vulnerabilities addressed could allow sandbox escapes, a particularly concerning class of flaws in Apple's security model. CVE-2026-28995 in App Intents and CVE-2026-28923 in GPU Drivers both could allow malicious apps to break out of their sandboxes, potentially accessing sensitive system resources.
The kernel received multiple patches, including CVE-2026-28951 which could allow an app to cause unexpected system termination or write kernel memory, and CVE-2026-28908 which could allow a maliciously crafted disk image to bypass Gatekeeper checks.
Notably, Apple has recognized numerous security researchers for their contributions to this security update. The acknowledgments include researchers from organizations like Google Threat Analysis Group, STAR Labs SG Pte. Ltd., Beryllium Security, and independent researchers who discovered and reported these vulnerabilities through Apple's security bounty program.
The diversity of researchers credited demonstrates Apple's ongoing commitment to working with the security community to identify and patch vulnerabilities. This includes researchers who found issues through automated vulnerability discovery engines, highlighting the growing role of automated security testing in software development.
Apple's security update philosophy remains consistent: they don't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. This approach helps prevent malicious actors from exploiting vulnerabilities before users can apply patches.
For users, this update underscores the importance of keeping systems updated, as many of these vulnerabilities could be exploited by malicious actors to gain elevated privileges, access sensitive data, or cause system crashes. The breadth of components affected—from core system services to web rendering—shows the complexity of securing a modern operating system.
Apple has made the security content available on their security releases page, and users are encouraged to apply the update promptly to protect their systems from potential exploits.
Comments
Please log in or register to join the discussion