Apple released macOS Tahoe 26.5 on May 11, 2026, addressing a broad set of security vulnerabilities spanning the operating system kernel, file quarantine enforcement, and the WebKit browser engine. The most consequential fixes involve local privilege escalation and kernel memory exposure.
Kernel Flaws Range From Root Escalation to Direct Memory Write
Four kernel-level vulnerabilities were addressed in this update, each with a distinct exploit consequence. The most direct is CVE-2026-28951, discovered by Csaba Fitzl, which involved an authorization failure allowing a local application to gain root privileges. Separately, CVE-2026-28897, credited to researchers including STAR Labs SG, describes a buffer overflow condition that could allow a local user to cause unexpected system termination or read kernel memory.
Two additional kernel issues complete the picture. CVE-2026-28972, credited to STAR Labs SG and Ryan Hileman, involved an out-of-bounds write that could permit an application to terminate the system or write to kernel memory — the most invasive of the four in terms of memory access scope. CVE-2026-28952, reported by Calif.io in collaboration with Claude and Anthropic Research, was an integer overflow in the kernel that could allow an application to trigger unexpected system termination.
Apple's standard disclosure policy does not confirm exploitation status until patches are broadly deployed, so in-the-wild use of any of these vulnerabilities remains unconfirmed. The chart below maps each CVE to its disclosed impact class.
A Gatekeeper Bypass Via Maliciously Crafted Disk Images
CVE-2026-28954, discovered by Yiğit Can YILMAZ, sits outside the kernel but carries meaningful delivery-chain risk. The vulnerability involved a file quarantine failure: a maliciously crafted disk image could bypass Gatekeeper checks, the system's first-line enforcement layer for applications downloaded from outside the App Store.
This is distinct from a code-signing bypass. Gatekeeper's quarantine flag is applied when a file is downloaded through a quarantine-aware application such as a browser or email client. A flaw in how that flag is evaluated against disk image contents means a user could mount an image and launch an application without triggering the standard Gatekeeper warning dialog, even if the application inside is unsigned or from an unnotarized source. Paired with a delivery vector such as the poisoned VS Code extension that exposed GitHub internal repositories or the supply-chain attack against the TanStack npm package, a Gatekeeper bypass of this kind considerably lowers the friction of initial access. The patch summary below shows how the Tahoe 26.5 update distributes across the main affected subsystems.
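The quarantine mechanism described above can be inspected directly. The following is an added example, not code from the article or from Apple: it parses the com.apple.quarantine extended attribute that quarantine-aware applications write, reads it from real files where available, and lists application bundles on a mounted image that carry no flag at all. The attribute layout assumed here ("<flags hex>;<unix time hex>;<agent>;<uuid>") is the widely observed one; the flag bits are left undecoded, and the sample listing, paths and UUID are constructed. Because CVE-2026-28954 concerns how the flag is evaluated rather than whether it is present, this audit surfaces the ordinary missing-flag case and is not a detection for that specific flaw.

```python
"""Inspect macOS quarantine state of files inside a mounted disk image.

Added example, not code from the article or from Apple. Assumption: the
com.apple.quarantine value has the widely observed layout
"<flags hex>;<unix time hex>;<agent>;<uuid>"; flag bits are kept opaque.
"""
import os
import subprocess
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional

QUARANTINE_XATTR = "com.apple.quarantine"


@dataclass
class QuarantineInfo:
    flags: int            # raw flag word, not decoded
    epoch: Optional[int]  # download time as unix seconds, if present
    agent: str            # application that applied the flag (Safari, Mail, ...)
    uuid: str             # LaunchServices event id, may be empty

    @property
    def downloaded_at(self) -> Optional[datetime]:
        if self.epoch is None:
            return None
        return datetime.fromtimestamp(self.epoch, tz=timezone.utc)


def parse_quarantine(value: str) -> QuarantineInfo:
    """Split a raw attribute value into its fields; raises on malformed input."""
    parts = value.strip().split(";")
    if len(parts) < 2:
        raise ValueError(f"unexpected quarantine value: {value!r}")
    flags = int(parts[0], 16)
    epoch = int(parts[1], 16) if parts[1] else None
    agent = parts[2] if len(parts) > 2 else ""
    uuid = parts[3] if len(parts) > 3 else ""
    return QuarantineInfo(flags, epoch, agent, uuid)


def read_quarantine(path: str) -> Optional[str]:
    """Return the raw attribute of a real file, or None when it is absent.

    os.getxattr exists only on Linux, so on macOS the xattr(1) tool is used.
    """
    if hasattr(os, "getxattr"):
        try:
            return os.getxattr(path, QUARANTINE_XATTR).decode()
        except OSError:
            return None
    proc = subprocess.run(["xattr", "-p", QUARANTINE_XATTR, path],
                          capture_output=True, text=True)
    return proc.stdout.strip() if proc.returncode == 0 else None


def find_unquarantined(entries: Dict[str, Optional[str]]) -> List[str]:
    """Given path -> raw attribute (or None), list .app bundles with no flag.

    Contents of a quarantined image inherit the flag when mounted, so a bundle
    without one would not be put in front of Gatekeeper at launch.
    """
    return sorted(p for p, v in entries.items()
                  if p.endswith(".app") and v is None)


def audit_mounted_image(mount_point: str) -> List[str]:
    """Walk a real mount point and apply find_unquarantined to its entries."""
    entries = {os.path.join(mount_point, n): None for n in os.listdir(mount_point)}
    for full in entries:
        entries[full] = read_quarantine(full)
    return find_unquarantined(entries)


# Constructed sample listing; the values and UUID are made up for illustration.
SAMPLE_ENTRIES: Dict[str, Optional[str]] = {
    "/Volumes/Installer/Installer.app":
        "0081;5f1c0e3a;Safari;00000000-0000-4000-8000-000000000001",
    "/Volumes/Installer/README.txt":
        "0081;5f1c0e3a;Safari;00000000-0000-4000-8000-000000000001",
    "/Volumes/Installer/Helper.app": None,   # flag missing: worth a look
}

if __name__ == "__main__":
    for path, raw in SAMPLE_ENTRIES.items():
        info = parse_quarantine(raw) if raw else None
        print(path, "->", info.downloaded_at if info else "NO QUARANTINE FLAG")
    print("bundles without quarantine flag:", find_unquarantined(SAMPLE_ENTRIES))
```

On a real machine, `audit_mounted_image("/Volumes/SomeImage")` performs the same check against the mounted volume; the module-level functions work on the constructed sample so the parsing logic can be exercised anywhere.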
WebKit Fixes Address Content-Processing Crashes and CSP Enforcement Failures
The WebKit component, which underpins Safari and all third-party browsers on macOS, received several patches in this update. Apple's disclosures describe conditions in which processing maliciously crafted web content could lead to an application crash, exposure of sensitive user information, or a failure to enforce Content Security Policy (CSP) rules.
CSP enforcement failures are notable in a browser security context because CSP is a primary mechanism for preventing cross-site scripting by restricting which scripts, stylesheets, and resources a page may load. A bypass does not directly compromise the host operating system, but it can allow an attacker-controlled page to execute code or exfiltrate data that CSP was meant to block. The crash-class issues, while typically lower severity than memory disclosure, can serve as a precursor step in more complex exploitation chains when combined with memory safety issues elsewhere in the browser stack.
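To make concrete what an enforcement failure lets through, here is an added example that is neither WebKit's code nor from the article: a simplified model of the decision a browser makes before loading an external script under a Content-Security-Policy header. It supports 'none', 'self', '*', scheme-only sources and host sources with an optional leading wildcard, and it falls back from script-src to default-src as the specification does; path matching, port rules and the http-to-https upgrade allowance of real CSP are deliberately left out. The sample policy, page and script URLs are constructed.

```python
"""Simplified model of the check CSP imposes on script loads.

Added example, not WebKit's code and not from the article. Covers a subset
of CSP source matching; path matching, port rules and the http->https
upgrade allowance of the real specification are omitted.
"""
from typing import Dict, List, Optional
from urllib.parse import urlsplit


def parse_policy(header: str) -> Dict[str, List[str]]:
    """Turn "script-src a b; img-src c" into {"script-src": ["a", "b"], ...}."""
    policy: Dict[str, List[str]] = {}
    for directive in header.split(";"):
        tokens = directive.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def _source_matches(source: str, page_url: str, script_url: str) -> bool:
    """Does one source expression permit script_url for a page at page_url?"""
    src = source.lower()
    target = urlsplit(script_url)
    if src == "'none'":
        return False
    if src == "*":                                   # any network scheme
        return target.scheme in ("http", "https")
    if src == "'self'":                              # same scheme, host and port
        origin = urlsplit(page_url)
        return (origin.scheme, origin.netloc) == (target.scheme, target.netloc)
    if src.endswith(":") and "/" not in src:         # scheme-source, e.g. https:
        return target.scheme == src[:-1]
    if "://" in src:                                 # host-source with a scheme
        scheme, host = src.split("://", 1)
        if target.scheme != scheme:
            return False
    else:
        host = src
    host = host.split("/", 1)[0].split(":", 1)[0]    # drop path and port (simplified)
    if host.startswith("*."):                        # wildcard: subdomains only
        suffix = host[1:]
        return (target.hostname is not None
                and target.hostname.endswith(suffix)
                and target.hostname != suffix[1:])
    return target.hostname == host


def script_allowed(header: str, page_url: str, script_url: str) -> bool:
    """True if the policy permits the page to load script_url.

    script-src governs scripts; when it is absent default-src applies; when
    neither is present the page is unrestricted.
    """
    policy = parse_policy(header)
    sources: Optional[List[str]] = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return True
    return any(_source_matches(s, page_url, script_url) for s in sources)


# Constructed sample policy and page for the demonstration below.
SAMPLE_POLICY = "default-src 'self'; script-src 'self' https://cdn.example.com *.trusted.example"
SAMPLE_PAGE = "https://app.example.com/index.html"

if __name__ == "__main__":
    for url in ["https://app.example.com/main.js",
                "https://cdn.example.com/lib.js",
                "https://static.trusted.example/a.js",
                "https://evil.example/x.js"]:
        print(f"{url:45} allowed={script_allowed(SAMPLE_POLICY, SAMPLE_PAGE, url)}")
```

A bypass of the kind the advisory describes corresponds to the browser answering True for a URL such as the evil.example one even though the policy does not list it; the same policy string is also what an administrator would want to see on a site's responses when reviewing whether a page had any CSP protection to begin with.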
Apple has not confirmed whether any of the WebKit vulnerabilities were exploited before the patch was available. Users and administrators running Safari or any macOS application with an embedded WebKit view should treat the update as a priority deployment given the surface area involved. The diagram below illustrates how the Gatekeeper bypass path interacts with the broader threat model this update addresses.