Gatekeeper Quarantine Bypass in iOS/iPadOS 18.7.9 & macOS 26.5/15.7.7/14.8.7: CVE-2026-28954 May 2026

Gatekeeper Quarantine Bypass in iOS/iPadOS 18.7.9 & macOS 26.5/15.7.7/14.8.7
CVE-2026-28954 Published on May 11, 2026

A file quarantine bypass was addressed with additional checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. A maliciously crafted disk image may bypass Gatekeeper checks.

Vulnerability Analysis

CVE-2026-28954 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity and availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

NONE

Availability Impact:

NONE

Weakness Type

Authentication Bypass by Spoofing

This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.

Products Associated with CVE-2026-28954

Want to know whenever a new CVE is published for Apple products? stack.watch will email you.

Affected Versions

Before 18.7.9 is affected.

Before 14.8.7 is affected.

Before 15.7.7 is affected.

Before 26.5 is affected.

Gatekeeper Quarantine Bypass in iOS/iPadOS 18.7.9 & macOS 26.5/15.7.7/14.8.7CVE-2026-28954 Published on May 11, 2026

Vulnerability Analysis

Weakness Type

Authentication Bypass by Spoofing

Products Associated with CVE-2026-28954

Affected Versions

Gatekeeper Quarantine Bypass in iOS/iPadOS 18.7.9 & macOS 26.5/15.7.7/14.8.7
CVE-2026-28954 Published on May 11, 2026