PT-2026-39777 · Apple · Macos Tahoe+1
Guluisacat
+4
·
Published
2026-03-24
·
Updated
2026-05-31
·
CVE-2026-28910
CVSS v3.1
3.3
Low
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
macOS Tahoe versions prior to 26.4
Description
An issue in the macOS Archive Utility allows a malicious application to access arbitrary files by breaking App Sandbox Data Containers and Transparency, Consent, and Control (TCC). The flaw enables an attacker to swap a signed application's executable on disk to bypass code signing protections. Exploitation requires the victim to execute an attacker-provided shell script and be deceived into performing a drag-and-drop action.
Recommendations
Update macOS Tahoe to version 26.4.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apple Macos
Macos Tahoe