Apple Patches 30+ iOS and macOS Security Flaws, Some Found With AI
On Monday, June 29, 2026, Apple released iOS 26.5.2, iPadOS 26.5.2, macOS Tahoe 26.5.2, and Safari 26.5.2 to fix more than 30 security flaws. Among them, four vulnerabilities in the WebKit engine were discovered with the help of AI, including Claude from Anthropic and Codex Security from OpenAI. None are believed to have been exploited so far. Here’s what you need to know.
More than thirty flaws fixed, including four found by AI
This batch of updates is purely meant to strengthen the security of Apple’s OSes and tools. The vast majority affect WebKit, Apple’s open-source rendering engine that powers Safari and third-party browsers on iPhone.
Four WebKit vulnerabilities were identified with the help of AI: a trend that is now being seen across all vendors, and Apple is no exception. These security flaws are:
- CVE-2026-43707: a memory corruption issue that could cause an unexpected process crash when processing malicious content on a web page.
- CVE-2026-43716: an issue that causes Safari to crash through malicious web content.
- CVE-2026-43745: an out-of-bounds write that could crash Safari.
- CVE-2026-43715: a use-after-free leading to memory corruption when processing malicious web content.
The first three flaws were credited by Apple to Codex Security (OpenAI), while the fourth one (CVE-2026-43715) was reported by Anthropic researchers Milad Nasr and Nicholas Carlini, with help from Claude.
Apple also patched three kernel-level flaws: CVE-2026-43722, CVE-2026-43724, and CVE-2026-39868, the last of which could lead to kernel memory corruption. Hyunwoo Kim discovered CVE-2026-43724 and CVE-2026-43722. That name may not ring a bell, but he is the researcher behind the discovery of the Dirty Frag flaw in the Linux kernel.
One bit of good news: according to Apple, none of these vulnerabilities are believed to have been exploited by cybercriminals. As you know, that situation can change quickly.
Apple breaks its usual update rhythm
There is an interesting detail about these new security updates released by Apple. In general, Apple bundles its security fixes into the next version of its operating system (here, the move from 26.5 to 26.6). Standalone security updates are usually reserved for already exploited zero-days, such as when the company fixed its first zero-day of 2026. Yet this time, Apple did not patch a single zero-day, so it is surprising to see a change in the release cadence.
In a statement reported by Reuters, Apple said it is adapting to a new reality: since AI is speeding up the development of hacking tools, it needed to shorten the time between when a fix is made public and when it actually reaches users’ devices. This change by Apple could therefore happen again in the future.
From now on, if you use Apple hardware, you should install the latest system version: iOS 26.5.2 for iPhone, iPadOS 26.5.2 for iPad, and macOS Tahoe 26.5.2 for Macs. On the web browser side, there is also Safari 26.5.2. Keep in mind that most of the flaws patched by Apple with these updates can be triggered simply by visiting a malicious website.
Find all the details on Apple’s website.

