Kernel Vulns Uncovered by Xint in MacOS, iOS and iPadOS

On May 11, 2026, Apple released security updates for iOS, iPadOS, and macOS to patch two kernel-level vulnerabilities (CVE-2026-28972 and CVE-2026-28986) discovered by Xint researchers. The first flaw was an out-of-bounds write issue that could allow an app to cause system termination or write kernel memory, while the second was a race condition that could lead to unexpected system termination. The updates affect a wide range of devices, including iPhone 11 and later, multiple iPad models, and Macs running Tahoe and Sequoia.

Kernel Vulns Uncovered by Xint in MacOS, iOS and iPadOS On May 11, 2026 Apple released updates of iOS and iPadOS and MacOS Tahoe and Sequoia including patches for two kernel-level vulnerabilities discovered by Xint researchers using Xint Code. We will soon share a deeper technical dive into these vulnerabilities. CVE-2026-28972 Description: An out-of-bounds write issue was addressed with improved input validation. Impact: An app may be able to cause unexpected system termination or write kernel memory. Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later. CVE-2026-28986 Description: A race condition was addressed with additional validation. Impact: An app may be able to cause unexpected system termination. Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.