Apple Patches 30+ iOS, macOS, and Safari Flaws, Including AI-Discovered WebKit Bugs

Apple shipped an early, large patch cycle across iOS, macOS, and Safari — including four WebKit bugs surfaced by AI tools from OpenAI and Anthropic. For defenders, this is a device-verification week.


Key Takeaways

  • Apple released iOS 26.5.2, iPadOS 26.5.2, macOS Tahoe 26.5.2, and Safari 26.5.2 on or around June 29, 2026, addressing more than 30 vulnerabilities across its platforms, with the bulk concentrated in the WebKit browser engine that powers Safari and every browser on iPhone.
  • Four of the WebKit fixes were credited to AI-assisted research: CVE-2026-43707, CVE-2026-43716, and CVE-2026-43745 to OpenAI Codex Security, and CVE-2026-43715, a use-after-free flaw, to Anthropic researchers Milad Nasr and Nicholas Carlini working alongside Claude.
  • Apple said it found no evidence that any of the newly patched flaws had been exploited in the wild, and none appear on the CISA Known Exploited Vulnerabilities catalog; Apple framed the early, off-cycle release as a response to AI shortening the time attackers need to weaponize a disclosed bug.


CUPERTINO, CALIFORNIA — Apple on June 29, 2026 released a large, off-schedule round of security updates — iOS 26.5.2, iPadOS 26.5.2, macOS Tahoe 26.5.2, and Safari 26.5.2 — addressing more than 30 vulnerabilities across its platforms, the majority of them in WebKit, the browser engine that powers Safari and every browser on iPhone. Apple said it had found no evidence that any of the flaws were being exploited before the fixes shipped, and instead framed the early release as a deliberate move to shorten the window between disclosing a vulnerability and getting the patch onto users' devices.

What gives the cycle its wider significance is who, or what, found some of the bugs. Apple credited four of the WebKit fixes to AI-assisted research — three to OpenAI Codex Security and one to Anthropic researchers working alongside the company's Claude model — making this one of the most visible vendor patch cycles to date in which artificial intelligence is named in the acknowledgements. For organizations, the practical task is unglamorous but real: a routine but high-volume patch-management exercise to verify every managed Apple device lands on a fixed build.

At a Glance
Field | Details
Vendor | Apple
Products | iOS / iPadOS 26.5.2, macOS Tahoe 26.5.2, Safari 26.5.2
CVE count | 30+ vulnerabilities (majority in WebKit; three kernel fixes reported)
AI-discovered | Four WebKit bugs — CVE-2026-43707, -43716, -43745 (OpenAI Codex Security); CVE-2026-43715 (Anthropic / Claude)
Exploited? | No evidence of exploitation in the wild, per Apple
KEV status | Not listed on the CISA Known Exploited Vulnerabilities catalog as of disclosure
Disclosed | On or around June 29, 2026

What Apple Published

Apple released the updates through its standard security-content channels on support.apple.com, publishing separate notes for iOS and iPadOS 26.5.2, macOS Tahoe 26.5.2, and Safari 26.5.2. Across those releases the company addressed more than 30 distinct vulnerabilities, with reporting placing the bulk of them — well over a dozen — in WebKit, the open-source browser engine Apple develops and the component that renders web content not only in Safari but in every third-party browser on iPhone and iPad, including Chrome, Firefox, and Edge.

The WebKit fixes follow a familiar shape for browser-engine work: a string of use-after-free and memory-corruption issues that, according to Apple's notes, could let maliciously crafted web content crash the browser or, in some cases, corrupt memory. Several of these require no interaction beyond loading a page — simply visiting a booby-trapped site is enough to trigger the underlying condition, which is what makes browser-engine flaws a recurring priority even when none is known to be under attack. Beyond WebKit, reporting indicates the release also carried three kernel fixes, one of which could expose sensitive system state to an external party.

Notably, Apple shipped the release ahead of its usual cadence. Reporting indicates the company pulled forward fixes that had been slated for a later 26.6 cycle, releasing iOS 26.5.2 and its siblings early rather than waiting. Apple has said no new user-facing features accompany the update — it is a security release, and the company's framing of why it came early is the part worth dwelling on.

Organization-Wide Apple-Device Patch Verification

For most security teams, this is not a breach to respond to but a patch cycle to verify — and the verification is broader than it first appears. The same WebKit fixes ship inside iOS, iPadOS, macOS, and standalone Safari, which means a single organization may need to confirm coverage across iPhones, iPads, Macs, and the Safari builds on each. Mobile devices, in particular, often fall outside the cadence that desktop fleets follow, which is precisely where an org-wide verification step earns its keep.

The practical work is inventory and confirmation rather than discovery. Teams should map every managed Apple device against the fixed builds — iOS / iPadOS 26.5.2, macOS Tahoe 26.5.2, and Safari 26.5.2 — and not assume that a representative sample speaks for the whole estate. Mobile device management (MDM) tooling can report installed OS versions, but enrollment gaps, personally owned devices under bring-your-own-device (BYOD) policies, and machines that have deferred updates all create blind spots that a deliberate vulnerability-management pass is designed to close.

Because so much of the risk concentrates in WebKit, the verification has a useful second dimension: third-party browsers on iOS and iPadOS inherit Apple's engine, so updating Chrome or Firefox on an iPhone does not, by itself, remediate a WebKit flaw — the underlying OS has to be on a fixed build. That detail is easy to miss in a fleet review and is worth calling out explicitly to users who assume a browser update is sufficient. The durable posture is to treat Apple security releases as a scheduled, fleet-wide verification trigger, not an optional prompt that individual users action at their own pace.
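One way to run that verification against an MDM inventory export, as an added example that is not Apple's tooling or any MDM vendor's: the fixed versions (iOS / iPadOS 26.5.2, macOS Tahoe 26.5.2, Safari 26.5.2) are the ones named in the release, while the inventory field names, the sample device rows, and the rule that any later version also carries the fix are assumptions made for this example. It compares versions numerically rather than as strings, treats a missing inventory record as unverified rather than compliant, and flags the iPhone/iPad case where a third-party browser was updated but the OS was not.

```python
"""Fleet check of managed Apple devices against the fixed builds from the June 29, 2026 release.

Added example, not Apple's or any MDM vendor's code. Fixed versions come from the
release notes discussed above; everything else (inventory fields, sample rows, the
assumption that later versions include the fix) is constructed for this example.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Fixed builds named in the release. Anything at or above these is treated as patched
# (assumption: later builds carry the same fixes).
FIXED_OS = {"iOS": "26.5.2", "iPadOS": "26.5.2", "macOS": "26.5.2"}
FIXED_SAFARI = "26.5.2"  # standalone Safari build named in the release


def parse_version(version: str) -> tuple[int, ...]:
    """'26.5.2' -> (26, 5, 2). Tuples compare numerically, so a hypothetical 26.10
    ranks above 26.5; a plain string compare would wrongly put '26.10' below '26.5'."""
    return tuple(int(part) for part in version.strip().split("."))


def at_least(installed: str, required: str) -> bool:
    """True if installed >= required; shorter versions are zero-padded (26.6 == 26.6.0)."""
    a, b = parse_version(installed), parse_version(required)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) >= b + (0,) * (width - len(b))


@dataclass
class Device:
    """One row of an MDM inventory export. Field names are constructed for this example."""
    device_id: str
    platform: str                      # "iOS", "iPadOS" or "macOS"
    os_version: str | None             # None when MDM has no record (enrollment gap)
    safari_version: str | None = None  # reported separately on macOS
    browsers: dict[str, str] = field(default_factory=dict)  # third-party browsers and versions
    update_deferred: bool = False      # update postponed by policy or by the user


def assess(device: Device) -> list[str]:
    """Return findings for one device; an empty list means verified on a fixed build."""
    findings: list[str] = []
    required = FIXED_OS.get(device.platform)
    if required is None:
        return ["unsupported_platform"]  # not covered by this release; review separately
    if device.os_version is None:
        return ["no_inventory_data"]  # cannot verify, so never count it as compliant

    if not at_least(device.os_version, required):
        findings.append(f"os_below_fixed_build:{device.os_version}<{required}")
        # Third-party browsers on iPhone and iPad render with the OS's WebKit, so an
        # updated Chrome/Firefox/Edge does not remediate these flaws; only the OS build does.
        if device.platform in ("iOS", "iPadOS") and device.browsers:
            findings.append("browser_update_does_not_remediate_webkit")
        if device.update_deferred:
            findings.append("update_deferred")

    # On a Mac the standalone Safari build is part of the fixed set as well.
    if device.platform == "macOS" and device.safari_version is not None:
        if not at_least(device.safari_version, FIXED_SAFARI):
            findings.append(f"safari_below_fixed_build:{device.safari_version}<{FIXED_SAFARI}")
    return findings


def verify_fleet(inventory: list[Device]) -> dict[str, list[str]]:
    """Map device_id -> findings for every device not verified as fixed."""
    return {d.device_id: f for d in inventory if (f := assess(d))}


# Constructed sample inventory (not real devices or real version history).
SAMPLE_INVENTORY = [
    Device("iphone-001", "iOS", "26.5.2"),
    Device("iphone-002", "iOS", "26.5.1", browsers={"Chrome": "999.0"}),  # new browser, old OS
    Device("ipad-001", "iPadOS", "26.10"),  # hypothetical later build; numerically above 26.5.2
    Device("mac-001", "macOS", "26.5.2", safari_version="26.5.1"),  # OS fixed, Safari lagging
    Device("mac-002", "macOS", "26.5.0", update_deferred=True),
    Device("ipad-002", "iPadOS", None),  # not enrolled: no data, so not verified
]

if __name__ == "__main__":
    for device_id, findings in verify_fleet(SAMPLE_INVENTORY).items():
        print(device_id, findings)
```

The output is a list of devices that still need attention, with the reason; devices that are fully verified produce nothing, so the report stays short even for a large estate.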

The AI-Discovered WebKit Issues in Context

The detail drawing the most attention is the provenance of four of the WebKit fixes. Apple credited CVE-2026-43707, a memory-corruption issue; CVE-2026-43716; and CVE-2026-43745, an out-of-bounds write, to OpenAI Codex Security. It credited CVE-2026-43715, a use-after-free flaw that could result in memory corruption, to Anthropic researchers Milad Nasr and Nicholas Carlini, working alongside the company's Claude model. Seeing AI systems named in a major vendor's security acknowledgements is no longer a novelty, but a cluster of them in a single Apple cycle is a notable marker of where vulnerability research is heading.

The framing Apple itself offered ties the discovery story to the release-timing story. The company told reporters it has no evidence the patched flaws were exploited, but that it wants to compress the gap between disclosure and delivery because AI is shrinking the time attackers need to turn a known bug into a working exploit. That is the same dynamic The CyberSignal has tracked as AI moves into both offensive and defensive research, including Google's account of an AI-developed zero-day used in mass exploitation earlier in the year.

It is worth keeping the claim proportionate. AI tools surfaced four of the bugs in this cycle; the rest were found through conventional research and Apple's own work, and the AI-credited flaws are not described as more severe than their neighbors. None is reported as exploited. The significance is less that AI found these particular bugs and more that a vendor of Apple's scale is now naming AI assistance as a routine input to its security pipeline — and citing the offensive side of the same technology as its reason for shipping faster.

Cross-Reference: the SANS Internet Storm Center Summary

For defenders who want a concise, vendor-neutral roll-up of an Apple release, the SANS Internet Storm Center (ISC) is a reliable cross-reference. The ISC's handler diaries routinely publish an "Apple Updates (almost) Everything" patch overview that lays the affected products and their CVEs out in a single table, which is useful when a release spans iOS, iPadOS, macOS, Safari, and other platforms at once and the official notes are split across several pages.

Reading the primary Apple notes alongside an independent summary serves a specific purpose: it lets a team confirm scope without relying on a single source. The Apple support pages are authoritative on which CVEs are fixed in which build, while a consolidated overview helps catch the cross-platform spread — the fact that the same WebKit identifiers recur across the phone, tablet, and desktop notes, for instance — that is easy to lose when paging through advisories individually.

That cross-referencing habit is the same discipline that applies to any single-cycle disclosure: corroborate the headline numbers, confirm the fixed-version strings against the primary vendor source before acting on them, and treat third-party roll-ups as a map rather than the territory. For this release, the primary Apple security pages remain the system of record for the exact build numbers a verification pass should be checking against.

Open Questions

A few points are worth holding in view. Apple's count of affected CVEs has been reported as "more than 30" and, in some summaries, as closer to 25 to 30 across the combined releases; the precise total depends on how one tallies identifiers that recur across the iOS, iPadOS, macOS, and Safari notes, so the primary Apple pages are the figure to trust. Likewise, Apple's statement that none of the flaws were exploited reflects what the company knew at release — a status that can change if a fixed flaw later draws attacker interest and lands on the Known Exploited Vulnerabilities catalog the way other reachable browser bugs have.

What is confirmed is enough to act on. Apple shipped a large, early security release across its platforms; the majority of the fixes sit in WebKit, the engine behind every browser on its mobile devices; four of those WebKit bugs were surfaced with AI assistance from OpenAI and Anthropic; and the company explicitly tied the early timing to AI compressing the exploit window. For organizations, the disclosure resolves into a single, concrete task — verify that every managed iPhone, iPad, and Mac is on a fixed build of iOS 26.5.2, iPadOS 26.5.2, macOS Tahoe 26.5.2, or Safari 26.5.2 — and one broader shift: treating AI-accelerated patch cadence as the new baseline rather than the exception.


Sources

Type | Source
Primary | Apple — Security releases (support.apple.com)
Primary | Apple — About the security content of macOS Tahoe 26.5.2
Reporting | The Hacker News
Reporting | Security Affairs
Analysis | SANS Internet Storm Center — Apple Updates (almost) Everything: Patch Overview
Related | The CyberSignal — What Is Patch Management
Related | The CyberSignal — Vulnerability Management: The Complete Guide