APPLE has released security updates for iOS, iPadOS, macOS and Safari after internal AI tools uncovered four WebKit flaws that could trigger crashes when processing malicious web content, as detailed in the company’s advisory.
The four issues have not yet been assigned CVE identifiers but are tracked internally by Apple. They arise from improper handling of specially crafted HTML and JavaScript, which can cause the WebKit rendering engine to stop responding. Security engineers said the flaws were found using AI assistants such as Claude and Codex during routine code analysis.
Apple issued the fixes in iOS and iPadOS 26.5, macOS Tahoe 26.5 and also made them available for macOS Sequoia 15.7.7, macOS Sonoma 14.8.7 and earlier releases. The updates address a broader set of WebKit problems that could lead to denial of service or information disclosure, although the company said none of the flaws are known to have been exploited in the wild, according to SecurityWeek.
Security researchers note that while no active exploitation has been seen, the speed at which AI can pinpoint weaknesses means attackers could potentially use similar techniques to find and weaponize flaws before defenders react. Apple’s decision to ship these patches outside its regular release cycle signals a shift toward faster, more reactive updates, as highlighted by SecurityAffairs.
Defenders should prioritize installing the latest Apple builds on all managed devices and enable automatic update mechanisms where policy permits. They should also review Safari and WebKit logs for repeated crash spikes that might indicate attempted exploitation of the patched issues.
Maintaining an up‑to‑date inventory of Apple endpoints, testing the patches in a non‑production environment first, and sharing any unusual web‑related alerts with the SOC will help ensure the fixes are effective without disrupting user experience.