CVE-2026-28956

MEDIUM

iOS and iPadOS < 26.5 - Out-of-bounds Read via Maliciously Crafted Media File


Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-28956. PoCs published by impost0r.

AI-analyzed exploit summary:

This repository contains a functional proof-of-concept exploit for CVE-2026-28956, targeting a use-after-free (UAF) vulnerability in AppleJPEGXL. The exploit uses DYLD interposing to manipulate freed memory regions, demonstrating both register control and arbitrary read/write capabilities for Apple Security Bounty (ASB) validation.

Description

A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.

Exploits (1)

github WORKING POC 3 stars
by impost0r · cpoc
https://github.com/impost0r/CVE-2026-28956


Classification: Working PoC (95%)
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: AppleJPEGXL (likely in macOS/iOS WebKit or similar)
No auth needed
Prerequisites: macOS/iOS environment with AppleJPEGXL · DYLD_INSERT_LIBRARIES injection capability · malicious JPEG XL file
devstral-2 · analyzed May 17, 2026

Scores

CVSS v3 6.5
EPSS 0.0004
EPSS Percentile 12.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-125 CWE-787
Status published
Products (13)
Apple/iOS and iPadOS < 26.5
apple/ipados < 26.5
apple/iphone_os < 26.5
Apple/macOS < 14.8.7
Apple/macOS < 15.7.7
Apple/macOS < 26.5
apple/macos 14.0 - 14.8.7
Apple/tvOS < 26.5
apple/tvos < 26.5
Apple/visionOS < 26.5
... and 3 more
Published May 11, 2026
Tracked Since May 12, 2026