Apple has released a new round of security updates for its operating systems and web browser, addressing more than 30 vulnerabilities affecting iOS, iPadOS, macOS, and Safari. Among the fixes are four WebKit vulnerabilities that were identified with assistance from artificial intelligence tools, highlighting the growing role of AI in cybersecurity research and vulnerability discovery. The updates are available for iOS 26.5.2, iPadOS 26.5.2, macOS Tahoe 26.5.2, and Safari 26.5.2. Apple confirmed that none of the corrected vulnerabilities had been reported as actively exploited at the time the updates were released. The company also indicated that it is accelerating the release of security updates in response to concerns that AI technologies could significantly reduce the time required for attackers to develop exploits after vulnerabilities become publicly known.
Four of the patched vulnerabilities affect WebKit, Apple’s open source browser engine used by Safari and other applications. The flaws include CVE 2026 43707, a memory corruption issue that could cause an unexpected process crash while handling specially crafted web content, CVE 2026 43716, an unspecified flaw capable of triggering Safari crashes, CVE 2026 43745, an out of bounds write vulnerability that could also result in unexpected browser crashes, and CVE 2026 43715, a use after free vulnerability that may lead to memory corruption during the processing of malicious web content. Apple addressed these issues through improvements in memory handling, input validation, and memory management. The first three vulnerabilities were credited to OpenAI Codex Security, while CVE 2026 43715 was attributed to researchers Milad Nasr and Nicholas Carlini from Anthropic, together with Claude. These vulnerabilities form part of nearly 30 WebKit related security fixes included in the latest updates. Apple also resolved additional issues such as CVE 2026 43720, a use after free vulnerability affecting WebKit Canvas, and CVE 2026 43725, which could allow a malicious website to process restricted web content outside the browser sandbox, potentially weakening built in security protections.
Beyond WebKit, Apple corrected several kernel level vulnerabilities that could impact the security and stability of its operating systems. These include CVE 2026 43722, which could allow a malicious application to leak sensitive kernel state information, CVE 2026 43724, a flaw that could result in unexpected system termination or unauthorized writing to kernel memory, and CVE 2026 39868, which could lead to kernel memory corruption. Security researcher Hyunwoo Kim, known for discovering the Dirty Frag vulnerability, was credited with identifying and reporting both CVE 2026 43722 and CVE 2026 43724. Kernel vulnerabilities are considered particularly important because successful exploitation can enable attackers to gain elevated privileges or compromise core operating system functions, making timely software updates essential for reducing security risks. Apple included fixes for these issues across supported versions of iOS, iPadOS, and macOS to strengthen overall platform security.
According to a statement shared by Apple with Reuters, the company has adjusted its security update strategy due to the increasing capabilities of artificial intelligence tools in identifying software weaknesses and accelerating exploit development. Apple said it is reducing the time between the completion of security fixes and their public release to customers in response to concerns that AI could shorten the period between vulnerability disclosure and active exploitation. The company noted that advanced AI systems have the potential to assist researchers in discovering software flaws more efficiently, but the same capabilities could also be leveraged by malicious actors to create exploits more rapidly. By releasing updates sooner, Apple aims to provide users with security protections before newly disclosed vulnerabilities can be weaponized. The latest patches reflect Apple’s ongoing efforts to strengthen the security of its software ecosystem while responding to the evolving cybersecurity landscape shaped by artificial intelligence driven research and emerging attack techniques.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.