Kernel Vulns Uncovered by Xint in MacOS, iOS and iPadOS

On May 11, 2026 Apple released updates of iOS and iPadOS and MacOS (Tahoe and Sequoia) including patches for two kernel-level vulnerabilities discovered by Xint researchers using Xint Code. We will soon share a deeper technical dive into these vulnerabilities.

CVE-2026-28972

Description: An out-of-bounds write issue was addressed with improved input validation.

Impact: An app may be able to cause unexpected system termination or write kernel memory.

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.

CVE-2026-28986

Description: A race condition was addressed with additional validation.

Impact: An app may be able to cause unexpected system termination.

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.

For more Xint research proof points, see Copy Fail and the Xint Code product overview at Xint Code.