Apple fixes Safari WebKit use-after-free and 30+ flaws across iOS, iPadOS, and macOS
Apple released security updates for Safari, iOS, iPadOS, and macOS to fix more than 30 vulnerabilities, including the high-severity Safari/WebKit flaw CVE-2026-43715, a remotely exploitable use-after-free bug triggered by maliciously crafted web content. Apple said the issue could lead to memory corruption and addressed it with improved memory management in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2; the flaw carries a CVSS 8.8 rating.
The broader patch set also remediates additional WebKit and kernel vulnerabilities that could cause crashes, sensitive data exposure, sandbox escape, and kernel memory corruption. Apple said none of the flaws were known to be exploited in the wild, but it is accelerating patch delivery because AI-assisted research may shorten the gap between vulnerability discovery and weaponization; several of the WebKit bugs were identified with help from OpenAI Codex Security and researchers using Anthropic Claude.

Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Apple issues out-of-band iOS and iPadOS update over AI concerns
Apple released an unexpected out-of-band update, iOS 25.6.2, for iOS and iPadOS, citing concern that AI is shortening the time between vulnerability discovery and exploitation. Apple said it had no evidence the flaws fixed in this update were already being exploited.
Apple releases updates fixing 30+ iOS, macOS, and Safari flaws
Apple released security updates for iOS, iPadOS, macOS, and Safari to address more than three dozen vulnerabilities, including multiple WebKit and kernel-related issues. Apple said none of the vulnerabilities fixed in these releases had been reported as exploited in the wild.
Apple fixes Safari use-after-free flaw CVE-2026-43715
Apple fixed CVE-2026-43715, a high-severity use-after-free vulnerability in Safari, with improved memory management. The patch was released in Safari 26.5.2, iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
6 references tracked. Mallory keeps watching after this page renders.
Update time: Apple releases security patches for iOS, MacOS Tahoe, Safari - Malware News - Malware Analysis, News and Indicators
malware.news
Open sourceApple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools - Security Affairs
securityaffairs.com
Open sourceApple is speeding up software patching due to AI security concerns - here’s what you need to know | IT Pro
itpro.com
Open sourceApple Patches 30+ iOS, macOS, Safari Flaws, Including AI-Discovered WebKit Bugs
thehackernews.com
Open sourceCVE-2026-43715 - Apple Safari Use-After-Free
cvefeed.io
Open sourceAbout the security content of Safari 26.5.2 - Apple Support
support.apple.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.


