cd /news/cybersecurity/kernel-vulns-uncovered-by-xint-in-ma… · home topics cybersecurity article
[ARTICLE · art-8082] src=xint.io ↗ pub= topic=cybersecurity verified=true sentiment=· neutral

Kernel Vulns Uncovered by Xint in MacOS, iOS and iPadOS

On May 11, 2026, Apple released security updates for iOS, iPadOS, and macOS to patch two kernel-level vulnerabilities (CVE-2026-28972 and CVE-2026-28986) discovered by Xint researchers. The first flaw was an out-of-bounds write issue that could allow an app to cause system termination or write kernel memory, while the second was a race condition that could lead to unexpected system termination. The updates affect a wide range of devices, including iPhone 11 and later, multiple iPad models, and Macs running Tahoe and Sequoia.

read1 min views15 publishedMay 12, 2026

Kernel Vulns Uncovered by Xint in MacOS, iOS and iPadOS On May 11, 2026 Apple released updates of iOS and iPadOS and MacOS (Tahoe and Sequoia) including patches for two kernel-level vulnerabilities discovered by Xint researchers using Xint Code. We will soon share a deeper technical dive into these vulnerabilities. CVE-2026-28972 Description: An out-of-bounds write issue was addressed with improved input validation. Impact: An app may be able to cause unexpected system termination or write kernel memory. Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later. CVE-2026-28986 Description: A race condition was addressed with additional validation. Impact: An app may be able to cause unexpected system termination. Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.

── more in #cybersecurity 4 stories · sorted by recency
── more on @apple 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/kernel-vulns-uncover…] indexed:0 read:1min 2026-05-12 ·