PT-2026-39815 · Apple · Ipados+4

Khiem Tran

Published

2026-05-11

Updated

2026-05-16

CVE-2026-28971

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.5 iPadOS versions prior to 26.5 macOS Tahoe versions prior to 26.5 visionOS versions prior to 26.5

Description A malicious iframe may use another website’s download settings. This issue was addressed through improved UI handling.

Recommendations Update iOS to version 26.5. Update iPadOS to version 26.5. Update macOS Tahoe to version 26.5. Update visionOS to version 26.5.

Fix

Clickjacking

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1021

Related Identifiers

CVE-2026-28971

Affected Products

Apple Macos

Ios

Ipados

Macos Tahoe

Visionos

PT-2026-39815 · Apple · Ipados+4

CVE-2026-28971

Weakness Enumeration

Related Identifiers

Affected Products

References · 7