Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Primary

Context

Apple Wallet Arbitrary Code Execution Vulnerability in iOS, iPadOS, and watchOS

Vulnerability

Exploited

A validation issue in the Wallet application on Apple devices can lead to arbitrary code execution. This vulnerability affects iOS 16.6.1, iPadOS 16.6.1, and watchOS 9.6.2. The issue arises from improper handling of attachments, which could be exploited to execute malicious code. Apple is aware of reports suggesting that this vulnerability may have been actively exploited.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected device.

Remediation

Users can update to iOS 16.6.1, iPadOS 16.6.1, or watchOS 9.6.2. Instructions for updating iOS and iPadOS are available on the Apple Support website. For watchOS, details on how to update are also provided on the Apple Support site.

Added: May 15, 2026, 11:23 AM

Updated: May 15, 2026, 11:23 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

8.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.3

remediation

0.0

relevance

0.0

threat

8.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Actively Exploited in the Wild

Apple Wallet Arbitrary Code Execution Vulnerability in iOS, iPadOS, and watchOS

Vulnerability

Impact

Remediation

Affected Products

Apple Wallet

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating