Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools – Security Affairs



Pierluigi Paganini
June 30, 2026

Apple released updates for iOS, iPadOS, macOS, and Safari, fixing WebKit flaws, four of which were discovered using AI tools like Claude and Codex

Apple pushed out security updates for iOS, iPadOS, macOS, and Safari on Monday, and this round comes with a twist worth noticing. Four of the WebKit vulnerabilities patched were discovered using AI tools, including Anthropic’s Claude and OpenAI’s Codex Security. That’s not a small detail. It changes who’s doing the hunting on the defensive side.

The company addressed four bugs in WebKit, the engine that powers Safari and anything else on Apple devices that renders web content.

Below are the descriptions of the vulnerabilities:

  • CVE-2026-43707 – A memory corruption vulnerability in WebKit that can cause an unexpected process crash when handling specially crafted web content.
  • CVE-2026-43716 – A WebKit vulnerability that can trigger an unexpected Safari crash when processing maliciously crafted web content.
  • CVE-2026-43745 – An out-of-bounds write flaw in WebKit that can cause Safari to crash when a user visits specially crafted web content.
  • CVE-2026-43715 – A use-after-free vulnerability in WebKit that can lead to memory corruption when processing maliciously crafted web content.

They’re part of a much bigger patch load. Apple’s advisory lists close to 30 fixes across WebKit alone, including a use-after-free in WebKit Canvas and a flaw that let a malicious website pull restricted content out of the browser sandbox. On the kernel side, three separate bugs could have let a malicious app leak kernel state, crash the system outright, or corrupt kernel memory. Security researcher Hyunwoo Kim, known for discovering the Dirty Frag exploit, gets credit for two of those kernel issues.

The updates are live now: iOS 26.5.2, iPadOS 26.5.2, macOS Tahoe 26.5.2, and Safari 26.5.2. Apple says none of the patched vulnerabilities show signs of having been exploited before the fix shipped. Update anyway; obviously, that’s not really optional advice anymore.

Why does the timing matter more than usual? Here’s the part that’s actually new. Apple told Reuters it’s pushing these fixes out ahead of schedule, separate from the next full iOS release, because of how fast AI can now turn a known flaw into a working exploit. As one wire report put it:

“Unless security experts discover a hacking campaign targeting a previously unknown software flaw, Apple usually releases security updates as part of a move from one version of iOS to the next, for example from the currently available version – 26.5 – to the next planned update, 26.6. In the interim, developers and other testers trial the next update to iron out any kinks.” states Reuters. “The company said that, instead, the latest round of security updates were being made available to everyone ahead of the wider release of 26.6. It said that while there was no evidence that any of the newly patched vulnerabilities had been taken advantage of, the time between the point when security fixes were first announced and when they were deployed to customers’ phones needed to be compressed.”

That’s a real departure from how Apple usually operates. The company typically bundles security fixes into the next big iOS version bump rather than shipping standalone patches. Reuters described this as “a notable change in Apple’s longstanding practice of packaging security fixes with broader software releases”, which tells you Apple sees the AI-acceleration problem as structural, not a one-off.

The Hacker News confirms that the patches address “flaws, including four vulnerabilities in WebKit that were discovered using artificial intelligence (AI) tools.” The same tools that can find these bugs for defenders can, in different hands, help find them for attackers. The race just got faster on both sides.

The irony is hard to miss. AI helped researchers find these flaws, but it’s also making it easier for attackers to discover and exploit bugs more quickly. That’s why Apple is moving faster to release security updates and reduce the time attackers have to take advantage of them.

If you’ve been delaying your updates, now is a good time to install them. While most of these flaws primarily cause crashes, attackers can often combine them with other vulnerabilities to carry out more serious attacks.
