Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Apple Patches Dozens of Vulnerabilities Across iOS, macOS, and Safari

The updates fix vulnerabilities in WebKit, the kernel, WebRTC, Web Extensions, and other components affecting iPhone, iPad, Mac, and Safari users.

Apple patches

Apple announced security updates this week for iOS, iPadOS, macOS Tahoe, and Safari that resolve dozens of vulnerabilities, including 26 security defects in WebKit.

iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2 were rolled out with 37 security fixes across IOGPUFamily, kernel, libxslt, Web Extensions, WebKit, and WebRTC.

The 26 WebKit bugs (including two in WebKit Canvas and WebKit Storage) could be exploited via malicious websites to exfiltrate data, leak sensitive information, crash Safari, corrupt memory, disclose process memory, hijack clipboard data, and process restricted web content outside the sandbox.

The 11 flaws affecting other operating system components could lead to system crashes, kernel memory writes, kernel state disclosure, kernel memory corruption, process crashes, and Safari crashes.

Per Apple’s advisories, at least four of these security defects appear to have been identified using AI. They were reported to Apple by Anthropic and OpenAI Codex Security researchers.

On Monday, Apple also announced the release of Safari 26.5.2 with patches for 31 vulnerabilities in Web Extensions, WebKit, WebKit Canvas, WebKit Storage, and WebRTC.

Advertisement. Scroll to continue reading.

The Safari update brings these security fixes to macOS Sonoma and macOS Sequoia users, after they were first made available to the users of macOS Tahoe 26.6 beta.

The company makes no mention of any of these security defects being exploited in the wild, but threat actors are known to have weaponized bugs in Apple products shortly after disclosure.

Users are advised to update their devices as soon as possible, especially since most of the resolved issues affect WebKit and could be triggered when visiting a malicious website. Additional information can be found on Apple’s security updates page.

Related: New Exploit Bypasses Apple’s Boot Defenses, Affects Millions of iPhones

Related: In Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe, AWS Continuum

Related: Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention

Related: Apple Patches Dozens of Vulnerabilities in macOS, iOS

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.