On June 30, 2026, Apple released crucial security updates targeting iOS, macOS, and the Safari browser. These updates fix over 30 vulnerabilities, including several found using advanced AI tools like Anthropic Claude and OpenAI Codex Security. Notably, the updates address four significant WebKit vulnerabilities that could pose serious risks.
WebKit Vulnerabilities Highlighted
The WebKit engine, integral to Apple’s browser technology, was found to have multiple security flaws. Among these, CVE-2026-43707 was identified as a memory corruption issue, which could lead to process crashes if exploited through malicious web content. Improved memory handling has been implemented to resolve this.
Another critical flaw, CVE-2026-43716, also stemmed from memory handling issues, potentially causing Safari crashes. Similarly, CVE-2026-43745 involved an out-of-bounds write issue, leading to unexpected browser crashes. These issues have been mitigated with enhanced input validation. Lastly, CVE-2026-43715 was a use-after-free problem, which could corrupt memory during the processing of web content, now addressed by improved memory management.
Contributors and Additional Vulnerabilities
The first three WebKit vulnerabilities were identified by OpenAI Codex Security, while Anthropic researchers Milad Nasr and Nicholas Carlini, along with AI tool Claude, contributed to discovering CVE-2026-43715. In total, nearly 30 vulnerabilities were patched in WebKit, including issues like a use-after-free bug in WebKit Canvas (CVE-2026-43720) and another flaw that could allow restricted web content processing outside a sandbox (CVE-2026-43725).
Beyond WebKit, Apple addressed three significant bugs that could be exploited by malicious apps to leak sensitive kernel information (CVE-2026-43722), cause unexpected system shutdowns, or write to kernel memory (CVE-2026-43724), and corrupt kernel memory (CVE-2026-39868). Researcher Hyunwoo Kim was credited for reporting the latter two vulnerabilities.
Apple’s Proactive Approach
The updates are available for iOS 26.5.2, iPadOS 26.5.2, macOS Tahoe 26.5.2, and Safari 26.5.2. Apple noted that none of these vulnerabilities were known to be actively exploited in the wild. However, the company emphasized the importance of timely updates, especially in the face of AI’s potential to accelerate exploit development.
In a statement to Reuters, Apple highlighted its commitment to reducing the time between vulnerability disclosure and patch deployment. This move aims to preemptively counter the rapid spread of exploits facilitated by AI tools, underscoring the tech giant’s dedication to user security.
Apple’s swift response and proactive measures illustrate the evolving landscape of cybersecurity, where artificial intelligence plays an increasingly pivotal role in both the discovery and mitigation of vulnerabilities.
