www.thezdi.com 7/1/2026, 4:02:32 PM · external

Apple patches 37 WebKit kernel flaws, including sandbox escapes

Apple patches 37 WebKit kernel flaws, including sandbox escapes
CyberSIXT Evidence Panel
Primary Source nvd.nist.gov
CISA KEV Not in KEV
Patch Patch Available

IN June 2026, Apple released a security update addressing 37 unique CVEs across iOS, iPadOS, macOS, and Safari, primarily targeting WebKit/WebRTC vulnerabilities. The majority (31 of 37) focus on crash/DoS bugs rather than code execution risks, with notable kernel bugs CVE-2026-43724 (potential system termination or kernel memory write) and CVE-2026-39868 (kernel memory corruption) highlighting significant security concerns.

Two WebKit bugs, CVE-2026-43725 and CVE-2026-43701, pose risks of sandbox escapes, crucial for exploiting the aforementioned kernel issues. The update categorized the bugs into denial of service, information disclosure, memory corruption, elevation of privilege, sandbox escape, and spoofing.

View Primary Source Via www.thezdi.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline