Apple Patches 30+ iOS, macOS, Safari Flaws, Including AI-Discovered WebKit Bugs – The Hacker News


Apple on Monday released security updates for iOS, macOS, and the Safari web browser to address over three dozen flaws, including four vulnerabilities in WebKit that were discovered using artificial intelligence (AI) tools like Anthropic Claude and OpenAI Codex Security.
The WebKit vulnerabilities are listed below –
The first three security defects have been credited by Apple to OpenAI Codex Security, while Anthropic researchers Milad Nasr and Nicholas Carlini, along with Claude, have been acknowledged for CVE-2026-43715.
The four vulnerabilities are part of nearly 30 vulnerabilities that have been patched in WebKit, an open-source web browser engine developed by Apple. Others include a use-after-free issue in WebKit Canvas (CVE-2026-43720) and a vulnerability that could be exploited by a malicious website to process restricted web content outside the sandbox (CVE-2026-43725).
Apple has also remediated three bugs that could be exploited by a malicious app to leak sensitive kernel state (CVE-2026-43722), cause unexpected system termination or write kernel memory (CVE-2026-43724), or corrupt kernel memory (CVE-2026-39868). Security researcher Hyunwoo Kim, who discovered Dirty Frag, has been credited with discovering and reporting CVE-2026-43724 and CVE-2026-43722.
The updates are available for iOS 26.5.2, iPadOS 26.5.2, macOS Tahoe 26.5.2, and Safari 26.5.2. None of the patched vulnerabilities has been disclosed as actively exploited in the wild.
In a statement shared with Reuters, Apple said it’s making the security updates available much earlier than before in response to concerns that AI tools could accelerate the development of exploits and act as an enabler of cyber warfare, shrinking the window between discovery and weaponization to hours.
The company said “it was adapting to the reality that, given the ability of artificial intelligence to speed the development of malicious hacking tools, it needed to reduce the time between when updates were first made public and when they were put into customers’ hands,” Reuters reported.