Zero Day Initiative | Blog
Follow
The Apple macOS Security Update Review
The blog provides an analysis of macOS security updates released in May 2026. Apple released 82 unique CVEs across three macOS versions: Tahoe, Sequoia, and Sonoma. The blog highlights three potentially severe vulnerabilities without assigned severity scores from Apple. CVE-2026-28819, related to Wi-Fi, allows arbitrary code execution with kernel privileges across all versions. CVE-2026-43668, concerning mDNSResponder, enables remote attackers to corrupt kernel memory. Another critical vulnerability is CVE-2026-28972, enabling apps to write to kernel memory. The document includes a detailed table listing all released CVEs, components affected, and their impact. The blog concludes by stating the intention to continue the macOS update analysis if readers find it helpful.