IN June 2026, Apple released a security update addressing 37 unique CVEs across iOS, iPadOS, macOS, and Safari, primarily targeting WebKit/WebRTC vulnerabilities. The majority (31 of 37) focus on crash/DoS bugs rather than code execution risks, with notable kernel bugs CVE-2026-43724 (potential system termination or kernel memory write) and CVE-2026-39868 (kernel memory corruption) highlighting significant security concerns.
Two WebKit bugs, CVE-2026-43725 and CVE-2026-43701, pose risks of sandbox escapes, crucial for exploiting the aforementioned kernel issues. The update categorized the bugs into denial of service, information disclosure, memory corruption, elevation of privilege, sandbox escape, and spoofing.