{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-28892", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "state": "PUBLISHED", "assignerShortName": "apple", "dateReserved": "2026-03-03T16:36:03.981Z", "datePublished": "2026-03-25T00:31:38.513Z", "dateUpdated": "2026-03-25T00:31:38.513Z"}, "containers": {"cna": {"problemTypes": [{"descriptions": [{"lang": "en", "description": "An app may be able to modify protected parts of the file system"}]}], "affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"version": "0", "status": "affected", "lessThan": "14.8.5", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "15.7.5", "versionType": "custom"}, {"version": "0", "status": "affected", "lessThan": "26.4", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to modify protected parts of the file system."}], "references": [{"url": "https://support.apple.com/en-us/126794"}, {"url": "https://support.apple.com/en-us/126795"}, {"url": "https://support.apple.com/en-us/126796"}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2026-03-25T00:31:38.513Z"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to modify protected parts of the file system."}], "id": "CVE-2026-28892", "lastModified": "2026-03-25T15:41:33.977", "metrics": {}, "published": "2026-03-25T01:17:12.673", "references": [{"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/126794"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/126795"}, {"source": "product-security@apple.com", "url": "https://support.apple.com/en-us/126796"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Awaiting Analysis"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,14.8.5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,15.7.5)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,26.4)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "macOS", "source": "cna", "vendor": "Apple"}, "product": "macos", "vendor": "apple"}], "analysis": {"en": {"generated_at": "2026-03-25T03:24:23.680718+00:00", "value": {"mitigation_remediation": ["Update macOS to a version that includes the security fix (Sequoia\u202f15.7.5, Sonoma\u202f14.8.5, Tahoe\u202f26.4 or later).", "Verify that the update was applied by checking the system version and update status.", "If an update cannot be applied immediately, limit write permissions on protected system directories to trusted processes and monitor for unauthorized changes.", "Keep all macOS and third\u2011party software up to date to reduce attack surface."], "summary": {"action": "Patch Immediately", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Apple macOS installations that were released before the security fix were affected. Versions older than macOS Sequoia\u202f15.7.5, macOS Sonoma\u202f14.8.5, or macOS Tahoe\u202f26.4 contain the vulnerable code; those later releases include the removal of the problem code and are no longer affected.", "description_and_impact": "The vulnerability can allow an application to modify protected parts of the file system. By writing to directories or files that are intended to be immutable, an attacker could alter or replace critical system components, potentially leading to arbitrary code execution or system compromise. The issue results from improper access controls that permit write access where it should be denied.", "risk_and_exploitability": "No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog, indicating limited publicly known exploitation. The likely attack vector is local; an attacker must run or influence an application that can write to protected file system locations. Once privileged, the attacker could achieve full system compromise. Without a high\u2011privilege prerequisite, the risk is moderate but still significant due to the potential for privilege escalation."}}}}, "created": "2026-03-25T11:37:03.511655+00:00", "title": "macOS Permission Issue Allowing Modification of Protected File System Areas", "updated": "2026-03-25T20:56:48.264714+00:00", "vendors": ["apple", "apple$PRODUCT$macos"], "weaknesses": ["CWE-284", "CWE-732"]}