Apple has deployed urgent security updates for iOS, macOS, and Safari, addressing over three dozen vulnerabilities. Notably, artificial intelligence (AI) tools from OpenAI and Anthropic played a significant role in identifying four critical WebKit flaws, prompting Apple to accelerate its patch release schedule due to the growing threat of AI-assisted cyberattacks.
Apple Bolsters Ecosystem Against Evolving Threats
Apple recently rolled out crucial security updates for its operating systems and web browser, patching more than 30 vulnerabilities across iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2, alongside Safari. These updates, released on Monday, June 29, 2026, were expedited in response to the increasing pace at which AI-powered hacking tools are being developed.
AI Accelerates Vulnerability Discovery in WebKit
Among the extensive list of fixes, four significant vulnerabilities within WebKit, Apple's open-source web browser engine, were discovered with the assistance of advanced AI tools. WebKit is a foundational component powering Safari, Mail, and numerous other applications across Apple's ecosystem, and it is also used on Linux. The identification of these critical bugs highlights the evolving landscape of cybersecurity, where AI is increasingly employed in both offensive and defensive capacities. According to Apple, the company is adapting to the reality that artificial intelligence can significantly speed up the development of malicious hacking tools, necessitating a quicker turnaround for security patches. For more details on Apple's security advisories, visit the official Apple security releases page.
Deep Dive into AI-Discovered WebKit Vulnerabilities
The four WebKit vulnerabilities, identified with AI assistance, posed various risks from memory corruption to unexpected application crashes. Three of these critical defects were credited to OpenAI Codex Security, while Anthropic researchers Milad Nasr and Nicholas Carlini, leveraging their Claude AI, were acknowledged for discovering another.
"The company told Reuters on Monday it was adapting to the reality that, given the ability of artificial intelligence to speed the development of malicious hacking tools, it needed to reduce the time between when updates were first made public and when they were put into customers' hands." — Apple, via Reuters
Specifically, the patched WebKit flaws include:
- CVE-2026-43707: A memory corruption issue that could lead to an unexpected process crash when processing maliciously crafted web content. This was resolved through improved memory handling, with credit given to Amy Burnett from OpenAI Codex Security.
- CVE-2026-43716: An unspecified issue that could cause Safari to crash unexpectedly when handling malicious web content, addressed with enhanced memory handling.
- CVE-2026-43745: An out-of-bounds write vulnerability that could result in an unexpected Safari crash when processing maliciously crafted web content, fixed by improved input validation.
- CVE-2026-43715: A use-after-free issue that could lead to memory corruption when processing malicious web content. This was addressed with improved memory management, credited to Milad Nasr and Nicholas Carlini with Claude, Anthropic.
These four are part of nearly 30 vulnerabilities patched within WebKit. Other significant WebKit fixes include CVE-2026-43720, a use-after-free issue in WebKit Canvas, and CVE-2026-43725, which could allow a malicious website to process restricted web content outside its designated sandbox. Additionally, Apple remediated three kernel bugs, including CVE-2026-43722, which could be exploited by a malicious application to leak sensitive kernel state.
What This Means
The proactive release of these patches underscores a critical shift in how major technology companies are approaching cybersecurity. The involvement of AI in discovering vulnerabilities, particularly by entities like OpenAI's Codex Security and Anthropic's Project Glasswing, signifies a new era in defensive security. OpenAI Codex Security functions as an AI application security agent, designed to identify, validate, and propose fixes for complex vulnerabilities by building deep context about a project. Similarly, Anthropic's Project Glasswing utilizes its advanced Claude Mythos Preview model, which has demonstrated the capability to surpass human experts in finding and exploiting software vulnerabilities. This collaboration between AI developers and tech giants is becoming essential in a world where threat actors also leverage AI to accelerate their attacks. Users must prioritize updating their devices promptly to mitigate these rapidly emerging risks.
Key Points
- Apple released iOS 26.5.2, macOS Tahoe 26.5.2, and Safari updates on June 29, 2026.
- The updates address over 30 security flaws, including four critical WebKit vulnerabilities.
- OpenAI Codex Security and Anthropic's Claude AI were credited with discovering these WebKit bugs.
- Apple accelerated the release due to concerns about AI-assisted malicious hacking.
- No evidence suggests these newly patched vulnerabilities were actively exploited.
The Bottom Line
The latest security updates from Apple are a stark reminder of the escalating cyber threat landscape, driven partly by the dual-use nature of artificial intelligence. While AI tools are proving invaluable in uncovering vulnerabilities, they also empower adversaries. Users should immediately update their Apple devices to the latest versions to ensure protection against these sophisticated flaws. The ongoing collaboration between AI research firms and platform developers will be crucial in staying ahead of emerging threats.
