CVE-2026-28910

Name of the Vulnerable Software and Affected Versions macOS Tahoe versions prior to 26.4

Description A flaw in the Archive Utility allows a malicious application to bypass the App Sandbox data containers, Transparency, Consent, and Control (TCC), and code signing. This can lead to the hijacking of applications and provide unauthorized access to arbitrary files across the full file system. The issue stems from insufficient permissions checking.

Recommendations Update to macOS Tahoe 26.4.