Critical WebKit Fixes Dominate Apple’s Latest Security Update
Apple has released security updates for iOS 26.5.2, iPadOS 26.5.2, macOS Tahoe 26.5.2, and Safari 26.5.2, addressing more than two dozen vulnerabilities. The majority of these flaws are found in WebKit, the browser engine that powers Safari and all other browsers on iPhone and iPad, including Chrome, Firefox, and Edge. Security researchers have noted that several of these issues could be chained together, potentially allowing attackers to steal data or execute malicious code with minimal user interaction.
The patched vulnerabilities include use-after-free bugs, memory corruption issues, and cross-origin logic errors that could be triggered merely by loading a malicious webpage. The impact ranges from browser crashes to memory corruption and data leakage across open tabs.
Additional Fixes and Update Guidance
Beyond WebKit, Apple also addressed issues in Web Extensions, permission handling, libxslt, and WebRTC. These fixes prevent browser extensions or websites from accessing more data than intended. While none of these vulnerabilities are known to have been exploited in the wild, the technical details were publicly known during beta testing, which increases the urgency for users to update.
Users should update their devices through Settings > General > Software Update on iOS/iPadOS, or the Apple menu > System Settings > General > Software Update on macOS. Safari updates are included with macOS updates. Affected devices include iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, and Macs running macOS Tahoe, Sonoma, or Sequoia.
Source: Malwarebytes

