Apple Fixes Multiple Kernel, WebKit, and Data Exposure Flaws in iOS, iPadOS, and watchOS
Apple released security updates for iOS 18.7.7, iPadOS 18.7.7, and watchOS 26.4 to address a wide range of vulnerabilities affecting supported iPhones, iPads, and Apple Watch Series 6 and later. The patches cover core components including Kernel, WebKit, Security, CoreMedia, CoreUtils, Audio, 802.1X, and UIFoundation, with Apple warning that successful exploitation could enable network traffic interception, denial of service, unauthorized access to sensitive data, installed-app enumeration, Keychain access, kernel memory disclosure, and in some cases kernel memory write or Activation Lock bypass.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Apple expands iOS 18.7.7/iPadOS 18.7.7 rollout with DarkSword protections
Apple updated its iOS 18.7.7 and iPadOS 18.7.7 security advisory to say the March 24 release was later expanded to more devices so users with Automatic Updates could receive protections against web attacks called DarkSword. Apple also noted the DarkSword-related fixes had first shipped in 2025.
Apple releases iOS 26.4 and iPadOS 26.4 security updates
Apple published advisory APPLE-SA-03-24-2026-1 for iOS 26.4 and iPadOS 26.4, fixing numerous vulnerabilities across components including Kernel, WebKit, Baseband, Telephony, Mail, Security, Siri, Printing, and Accounts. The update addressed risks such as denial of service, sandbox escape, kernel memory corruption, privacy leaks, installed-app enumeration, Keychain exposure, and multiple web security boundary bypasses.
Apple releases tvOS 26.4 security update
Apple published advisory APPLE-SA-03-24-2026-6 for tvOS 26.4 for Apple TV HD and Apple TV 4K models, addressing multiple vulnerabilities across networking, media, kernel, privacy, sandboxing, and WebKit components. The fixes covered risks including traffic interception, denial of service, app crashes, information disclosure, installed-app enumeration, fingerprinting, kernel memory corruption, and sandbox bypass via malicious web content or crafted files.
Apple releases watchOS 26.4 security update
Apple published advisory APPLE-SA-03-24-2026-7 for watchOS 26.4 for Apple Watch Series 6 and later, fixing multiple vulnerabilities across components such as 802.1X, Accounts, CoreMedia, Kernel, Security, Siri, and WebKit. The patched issues included risks like network traffic interception, unauthorized data access, denial of service, kernel memory disclosure, Keychain access, app enumeration, fingerprinting, and WebKit sandbox or policy bypasses.
Apple releases iOS 18.7.7 and iPadOS 18.7.7 security updates
Apple published advisory APPLE-SA-03-24-2026-2 for iOS 18.7.7 and iPadOS 18.7.7, addressing numerous vulnerabilities affecting supported older iPhone and iPad models. The fixes covered issues including traffic interception, denial of service, sensitive data exposure, kernel flaws, Activation Lock bypass, Keychain access, and multiple WebKit security bypasses.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
5 references tracked. Mallory keeps watching after this page renders.
About the security content of iOS 18.7.7 and iPadOS 18.7.7 - Apple Support
support.apple.com
Open sourceFull Disclosure: APPLE-SA-03-24-2026-2 iOS 18.7.7 and iPadOS 18.7.7
seclists.org
Open sourceFull Disclosure: APPLE-SA-03-24-2026-7 watchOS 26.4
seclists.org
Open sourceFull Disclosure: APPLE-SA-03-24-2026-6 tvOS 26.4
seclists.org
Open sourceFull Disclosure: APPLE-SA-03-24-2026-1 iOS 26.4 and iPadOS 26.4
seclists.org
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Apple Fixes Broad Set of iOS, macOS, and visionOS Vulnerabilities
Apple released a wide-ranging set of security updates across **iOS**, **iPadOS**, **macOS Tahoe**, **watchOS**, **tvOS**, **visionOS**, **Safari**, and **Xcode**, addressing more than 85 vulnerabilities across core components including the kernel, WebKit, AirPlay, Keychain, and open-source libraries. The updates fix issues that could enable traffic interception, kernel state disclosure, user fingerprinting, installed-app enumeration, Mail privacy bypasses, exposure of deleted Notes content, and crashes from out-of-bounds writes. Apple said it had no reports of in-the-wild exploitation for the vulnerabilities listed in the release notes, but urged users to update, with particular importance for older devices and managed macOS environments. Among the patched flaws is **`CVE-2024-27828`**, a high-severity memory-handling bug in **IOSurfaceRoot** that could let a local app trigger a kernel panic or execute arbitrary code with kernel privileges. STAR Labs said the issue stemmed from a reference count leak in `IOSurfaceRootUserClient::s_create_shared_event`, where repeated calls with crafted input could corrupt memory handling; the flaw affected iOS and iPadOS before 17.5, tvOS before 17.5, watchOS before 10.5, and visionOS before 1.2. Apple addressed the bug through improved memory handling, adding it to a broader pattern of fixes spanning both current and legacy Apple platforms.
May 25, 2026
Apple Security Updates Address Multiple Vulnerabilities Including an In-the-Wild Exploited Memory Corruption Flaw
Apple issued security updates across its ecosystem to address **multiple vulnerabilities** affecting *iOS, iPadOS, macOS, tvOS, watchOS,* and *visionOS*, with impacts including **remote code execution (RCE)**, denial of service, elevation of privilege, information disclosure, data manipulation, and security restriction bypass. HKCERT highlighted **CVE-2026-20700** as a **high-risk** issue and noted it is **being exploited in the wild**; the flaw is described as an **improper restriction of operations within the bounds of a memory buffer** that could allow arbitrary code execution when an attacker has memory-write capability. Apple’s iOS 26.3 and iPadOS 26.3 security content includes fixes for issues that could expose sensitive information on a locked device (e.g., **CVE-2026-20645** and **CVE-2026-20674**) and a Bluetooth-related denial-of-service condition where a privileged network attacker could trigger DoS using crafted packets (**CVE-2026-20650**). The updates apply to **iPhone 11 and later** and a range of supported iPad models, and Apple reiterated its policy of publishing details after patches are available.
May 12, 2026
Apple security updates addressing actively exploited iOS and macOS vulnerabilities
Apple published multiple security advisories across iOS/iPadOS, macOS, and watchOS releases that include fixes for vulnerabilities reported as **actively exploited** in the wild. Notable exploited issues include iOS/iPadOS 15.6.1 fixes for **kernel** and **WebKit** out-of-bounds writes enabling arbitrary code execution (`CVE-2022-32894`, `CVE-2022-32893`), iOS/iPadOS 16.3.1’s exploited **WebKit** type confusion leading to code execution (`CVE-2023-23529`), and iOS/iPadOS 15.7.5 plus macOS Big Sur 11.7.6 addressing an **IOSurfaceAccelerator** out-of-bounds write that could yield kernel-level code execution (`CVE-2023-28206`) alongside an exploited **WebKit** use-after-free (`CVE-2023-28205`). Apple also shipped iOS/iPadOS 16.6.1 and macOS Ventura 13.5.2 updates to remediate an exploited **ImageIO** buffer overflow (`CVE-2023-41064`) and an exploited **Wallet** attachment validation issue that could allow code execution (`CVE-2023-41061`). Separately, Apple’s iOS 17.0.1 and watchOS 9.6.3 advisories describe two vulnerabilities (`CVE-2023-41991`, `CVE-2023-41992`) reported by **Citizen Lab** and Google’s **Threat Analysis Group** as exploited against versions prior to iOS 16.7, involving **signature validation bypass** and **local privilege escalation**. Other referenced advisories (e.g., iOS/iPadOS 16.7, iOS/iPadOS 17.2, iOS/iPadOS 18.1, iOS/iPadOS 18.3, macOS Sequoia 15.1, iOS/iPadOS 26.1, macOS Tahoe 26.1, iOS/iPadOS 26.2) primarily enumerate additional CVEs and privacy/logic/memory-safety fixes but do not clearly tie to the same specific exploited-vulnerability disclosures, indicating they are broader platform security bulletins rather than part of a single incident response.
Mar 21, 2026