APPLE has issued security updates for iOS, iPadOS, macOS Tahoe and Safari that patch more than two dozen weaknesses in the WebKit engine according to its support page. The releases cover iOS 26.5.2, macOS Tahoe 26.5.2 and Safari 26.5.2 and aim to stop attackers from stealing data or executing code via malicious web content.
The updates fix a range of memory corruption bugs and permission handling issues in browser extensions that could be triggered by specially crafted HTML. Malwarebytes notes that the update addresses roughly two dozen WebKit issues in its report while the Internet Storm Center records twenty eight flaws patched in its diary entry.
SecurityAffairs highlights that four of the flaws were uncovered with the help of AI tools such as Claude and Codex in its coverage. Those flaws could cause the browser to crash when processing malicious web content, although none were seen in active attacks at the time of release.
Apple’s advisories state that none of the patched vulnerabilities are known to have been exploited in the wild and no threat actors have been linked to the issues. The rapid rollout reflects a shift towards faster patching driven by the speed at which AI can discover and potentially weaponise similar bugs.
Users should install the updates as soon as possible by opening Settings on iOS devices or System Preferences on Macs and checking for software updates. Enabling automatic updates ensures that future fixes are applied without delay and reduces the window of exposure to web based attacks.
Organisations should verify that all managed devices are running iOS 26.5.2, macOS Tahoe 26.5.2 or Safari 26.5.2 and review any custom browser extensions for unnecessary permissions. Monitoring web traffic for unexpected crashes or odd behaviour can help detect attempts to exploit unpatched remnants.
Applying these patches promptly closes the current gaps and helps defend against future AI assisted discovery of similar issues.