PT-2026-39777 · Apple · Macos Tahoe+1

Guluisacat

+4

·

Published

2026-03-24

·

Updated

2026-05-31

·

CVE-2026-28910

CVSS v3.1

3.3

Low

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions macOS Tahoe versions prior to 26.4
Description An issue in the macOS Archive Utility allows a malicious application to access arbitrary files by breaking App Sandbox Data Containers and Transparency, Consent, and Control (TCC). The flaw enables an attacker to swap a signed application's executable on disk to bypass code signing protections. Exploitation requires the victim to execute an attacker-provided shell script and be deceived into performing a drag-and-drop action.
Recommendations Update macOS Tahoe to version 26.4.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-28910

Affected Products

Apple Macos
Macos Tahoe