Kernel Vulns Uncovered by Xint in MacOS, iOS and iPadOS

On May 11, 2026 Apple released updates of iOS and iPadOS and MacOS (Tahoe and Sequoia) including patches for two kernel-level vulnerabilities discovered by Xint researchers using Xint Code. We will soon share a deeper technical dive into these vulnerabilities.

CVE-2026-28972

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to cause unexpected system termination or write kernel memory

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2026-28986

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to cause unexpected system termination

Description: A race condition was addressed with additional validation.