
APPLE has issued security updates for iOS, iPadOS, macOS Tahoe and Safari, addressing a batch of flaws that could be triggered by malicious web content. Users are urged to install the patches promptly to reduce the risk of data theft or system compromise. Apple's support page outlines the releases.
According to SecurityWeek the updates fix 37 vulnerabilities, with 26 located in the WebKit rendering engine that underpins Safari and all browsers on iOS devices. The flaws include memory corruption issues and permission handling weaknesses that could allow arbitrary code execution when a user visits a specially crafted site. SecurityWeek report provides the breakdown.
Malwarebytes notes that the updates bring version numbers to iOS 26.5.2, iPadOS 26.5.2, macOS Tahoe 26.5.2 and Safari 26.5.2, and specifically resolve over two dozen WebKit bugs alongside a handful of kernel and IOGPUFamily issues. The patches also tighten extension permissions to prevent malicious add‑ons from accessing sensitive data. Malwarebytes article has the details.
SecurityAffairs highlights that four of the WebKit vulnerabilities were uncovered with the assistance of AI tools such as Claude and Codex, marking a shift in how Apple approaches flaw detection. The ISC Sans diary confirms that none of the addressed issues are currently known to be exploited in the wild and that no threat actors have been linked to the flaws. SecurityAffairs piece and ISC Sans diary cover these points.
Defenders should ensure that all Apple devices are set to receive automatic updates or manually check for the latest builds in Settings on iOS and iPadOS or System Preferences on Macs. After updating, administrators can verify the version numbers to confirm that the 26.5.2 releases are active. Monitoring logs for unexpected browser crashes or unusual outbound connections can help catch any exploitation attempts that might have slipped through.
Given the role of AI in identifying these flaws, security teams may want to review their own threat‑hunting workflows and consider how machine‑learning assisted code analysis could surface similar issues in internal applications. Staying informed about Apple’s security announcements and applying patches without delay remains the most effective defence against the described risks.