14 comments

  • concinds 25 minutes ago
    I wonder how well Apple has deployed these tools internally for security research.

    Since mid-April Chrome showed 302 vulnerabilities patched, 225 of them found by Google. Same period last year was 19 vulnerabilities. They've also become more transparent recently, disclosing vulnerabilities found internally, not just externally (which Apple still doesn't appear to do). From the outside, it's hard to tell if Apple has deployed this tooling as much as Google.

  • Aurornis 48 minutes ago
    More than 26.5:

    > The affected releases include iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, and macOS Tahoe 26.5.

    I’ve already seen a lot of people self-congratulating for not updating to Tahoe but this isn’t exclusive to Tahoe.

    • dragonsenseiguy 34 minutes ago
      Ah thanks! I was only looking at Tahoe since my mac had an update and I usually look at the security release notes.
  • three_burgers 32 minutes ago
    CVE-2026-28952 is about an integer overflow due to lack of input validation. I wonder what makes such a vulnerability difficult to discover with traditional SAST tools?
  • fosterfriends 1 hour ago
    Kernel Available for: macOS Tahoe

    Impact: An app may be able to cause unexpected system termination

    Description: An integer overflow was addressed with improved input validation.

    CVE-2026-28952: Calif.io in collaboration with Claude and Anthropic Research
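A minimal illustration of the bug class the advisory names, an unchecked multiplication of caller-controlled fields feeding a size, beside the "improved input validation" shape of fix. This is added example code, not Apple's kernel code and not the actual bug behind CVE-2026-28952 (which has not been published); the request layout, the `MAX_REQUEST_BYTES` cap and the function names are assumptions made for the illustration, and the 65536 x 65537 request is a constructed input.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-request cap; a real driver would choose its own bound. */
#define MAX_REQUEST_BYTES ((uint64_t)1 << 26)

/* Vulnerable pattern: the product of two caller-controlled 32-bit fields is
 * computed in 32 bits and wraps modulo 2^32, so a huge request can become a
 * tiny allocation that the rest of the handler then overruns. */
uint32_t request_bytes_unchecked(uint32_t count, uint32_t elem_size)
{
    return count * elem_size; /* unsigned wrap, no diagnostic at runtime */
}

/* How many bytes the rest of the handler would actually try to write for the
 * same request, computed without truncation. */
uint64_t request_bytes_intended(uint32_t count, uint32_t elem_size)
{
    return (uint64_t)count * (uint64_t)elem_size;
}

/* Hardened pattern: validate the product before anything is sized from it.
 * Rejects a 64-bit overflow, an empty request and anything above the cap. */
bool request_bytes_checked(uint32_t count, uint32_t elem_size, size_t *out)
{
    uint64_t total;
    if (__builtin_mul_overflow((uint64_t)count, (uint64_t)elem_size, &total))
        return false;                         /* overflowed even 64 bits */
    if (total == 0 || total > MAX_REQUEST_BYTES)
        return false;                         /* empty or oversized request */
    *out = (size_t)total;                     /* fits: cap < SIZE_MAX */
    return true;
}

/* True when the unchecked path would allocate fewer bytes than the handler
 * later writes, i.e. the wrap has produced an exploitable under-allocation. */
bool unchecked_path_underallocates(uint32_t count, uint32_t elem_size)
{
    return (uint64_t)request_bytes_unchecked(count, elem_size)
           < request_bytes_intended(count, elem_size);
}

int main(void)
{
    /* Constructed attacker-style request: 65536 elements of 65537 bytes.
     * 0x10000 * 0x10001 = 0x100010000, which truncates to 0x10000. */
    uint32_t count = 0x10000u, elem_size = 0x10001u;
    size_t n;

    printf("unchecked path allocates %u bytes, handler would write %llu\n",
           request_bytes_unchecked(count, elem_size),
           (unsigned long long)request_bytes_intended(count, elem_size));
    printf("checked path accepts request: %s\n",
           request_bytes_checked(count, elem_size, &n) ? "yes" : "no");
    return 0;
}
```

The line `count * elem_size` is not wrong in isolation; it only becomes a bug when both operands are attacker-reachable and the wrapped value feeds a later allocation or bounds check, which is a cross-function, range-dependent condition. A pattern-matching static rule that flags every unchecked multiplication drowns in false positives, and one that requires proof of reachability from untrusted input needs inter-procedural value-range tracking that most such tools do not do precisely.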

  • dragonsenseiguy 10 minutes ago
    Sidenote but: it's crazy how big this update is. 13 GB is crazy
    • jshier 5 minutes ago
      Update from 26.3 to 26.4 for the Studio Display XDR was 2.4GB. And that's for a variant of iOS designed for screens.
  • ZPrimed 25 minutes ago
    This isn't a 26.5 bug, this is a bug fixed in 26.5.
  • vessenes 56 minutes ago
    For many years my go-to plan has been to stay one point release behind apple's releases, especially the .0 releases -- but, times change. Last night I pushed the button for 26.5, thinking about the Glasswing/Mythos reporting. Seems like staying on bleeding edge is going to be the name of the game.

    I wonder if this will change general dynamics -- feels like LTS releases could become even more important, at the same time having reduced maintenance costs since you can have some agentic help on backporting.

    • dragonsenseiguy 1 minute ago
      Same! I almost never updated, now I feel like I need to update. Kinda feels like FOMO but for security updates
    • samtheprogram 5 minutes ago
      Security updates still go out for older major releases back 2 versions. You didn’t need to jump to 26 if you weren’t on it.
  • embedding-shape 1 hour ago
    Claude and Anthropic are mentioned, but not Mythos. I'm guessing this would then mean this was found outside of the whole Mythos thing, or would there be any reason for them not to mention it, if it was involved?
  • fl1pper 1 hour ago
    Where is all of this going? Will there be dedicated servers running coding agents that iterate through codebases for each company to find vulnerabilities 24/7?
    • Aurornis 50 minutes ago
      More like: There will be a budget for tokens to be spent on security audits.

      1000 different companies will be pitching your CTO their proprietary vulnerability scanning harness as the most cost effective.

    • vessenes 58 minutes ago
      Yes
  • sda2 57 minutes ago
    One more reason to avoid upgrading to Tahoe.