SecurityWeek

Apple Patches Dozens of Vulnerabilities Across iOS, macOS, and Safari


Apple announced security updates this week for iOS, iPadOS, macOS Tahoe, and Safari that resolve dozens of vulnerabilities, including 26 security defects in WebKit.

iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2 were rolled out with 37 security fixes across IOGPUFamily, kernel, libxslt, Web Extensions, WebKit, and WebRTC.

The 26 WebKit bugs (including two in WebKit Canvas and WebKit Storage) could be exploited via malicious websites to exfiltrate data, leak sensitive information, crash Safari, corrupt memory, disclose process memory, hijack clipboard data, and process restricted web content outside the sandbox.

The 11 flaws affecting other operating system components could lead to system crashes, kernel memory writes, kernel state disclosure, kernel memory corruption, process crashes, and Safari crashes.

Per Apple’s advisories, at least four of these security defects appear to have been identified using AI. They were reported to Apple by Anthropic and OpenAI Codex Security researchers.

On Monday, Apple also announced the release of Safari 26.5.2 with patches for 31 vulnerabilities in Web Extensions, WebKit, WebKit Canvas, WebKit Storage, and WebRTC.

Advertisement. Scroll to continue reading.

The Safari update brings these security fixes to macOS Sonoma and macOS Sequoia users, after they were first made available to the users of macOS Tahoe 26.6 beta.

The company makes no mention of any of these security defects being exploited in the wild, but threat actors are known to have weaponized bugs in Apple products shortly after disclosure.

Users are advised to update their devices as soon as possible, especially since most of the resolved issues affect WebKit and could be triggered when visiting a malicious website. Additional information can be found on Apple’s security updates page.

Related: New Exploit Bypasses Apple’s Boot Defenses, Affects Millions of iPhones

Related: In Other News: Apple Patches Beats Eavesdropping Flaw, DOT Closes Delta CrowdStrike Probe, AWS Continuum

Related: Apple Rejected 2 Million App Store Submissions in 2025 for Security and Fraud Prevention

Related: Apple Patches Dozens of Vulnerabilities in macOS, iOS



Source link