Full Report
Apple on Monday released security updates for iOS, macOS, and the Safari web browser to address over three dozen flaws, including four vulnerabilities in WebKit that were discovered using artificial intelligence (AI) tools like Anthropic Claude and OpenAI Codex Security. The WebKit vulnerabilities are listed below - CVE-2026-43707 - A memory corruption issue that could result in an
Analysis Summary
# Vulnerability: Multiple AI-Discovered WebKit and Kernel Flaws
## CVE Details
- **CVE IDs:**
  - **WebKit (AI-Discovered):** CVE-2026-43707, CVE-2026-43716, CVE-2026-43745, CVE-2026-43715
  - **WebKit (Other):** CVE-2026-43720, CVE-2026-43725
  - **Kernel:** CVE-2026-43722, CVE-2026-43724, CVE-2026-39868
- **CVSS Score:** N/A (Projected High/Critical based on remote code execution potential)
- **CWE:** CWE-119 (Memory Corruption), CWE-787 (Out-of-bounds Write), CWE-416 (Use-after-free)
## Affected Systems
- **Products:** iOS, iPadOS, macOS, Safari
- **Versions:**
  - iOS and iPadOS versions prior to 26.5.2
  - macOS versions prior to "Tahoe" 26.5.2
  - Safari versions prior to 26.5.2
- **Configurations:** Systems processing untrusted web content or running malicious third-party applications.
## Vulnerability Description
This advisory covers over 30 security flaws, notably four WebKit vulnerabilities identified using LLMs (Anthropic Claude and OpenAI Codex).
* **Memory Corruption (CVE-2026-43707, CVE-2026-43716):** Faulty memory handling during web content processing leads to application crashes and potential code execution.
* **Out-of-bounds Write (CVE-2026-43745):** Improper input validation allows data to be written outside intended buffer boundaries.
* **Use-after-free (CVE-2026-43715, CVE-2026-43720):** Vulnerabilities where the engine references memory after it has been freed, potentially allowing for arbitrary code execution.
* **Sandbox Escape (CVE-2026-43725):** Allows malicious sites to access restricted content outside the browser's security sandbox.
* **Kernel Flaws:** Issues ranging from sensitive kernel state leaks to kernel memory corruption (CVE-2026-39868) and system termination.
## Exploitation
- **Status:** Not currently exploited in the wild.
- **Complexity:** Medium (Requires crafting specific malicious web content).
- **Attack Vector:** Network (Remote via Safari/WebKit) and Local (via malicious apps for Kernel exploits).
## Impact
- **Confidentiality:** High (Potential for sensitive kernel state leaks and unauthorized data access).
- **Integrity:** High (Potential for arbitrary code execution and memory corruption).
- **Availability:** High (Can lead to unexpected process crashes and system termination).
## Remediation
### Patches
Apple has released the following security updates:
- **iOS 26.5.2**
- **iPadOS 26.5.2**
- **macOS Tahoe 26.5.2**
- **Safari 26.5.2**
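
To confirm the fixed releases above are actually deployed, the following added example (not part of the advisory and not Apple tooling) audits an asset inventory against 26.5.2. The `(host, product, version)` record shape, the function names and the sample rows are assumptions made for illustration.

```python
import re

# Fixed release the advisory names for each product.
FIXED = {"iOS": "26.5.2", "iPadOS": "26.5.2", "macOS": "26.5.2", "Safari": "26.5.2"}

def parse_version(text):
    """Turn '26.5.2' into (26, 5, 2); reject anything that is not dotted digits."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def is_patched(product, version):
    """True when version is at or above the fixed release for product."""
    fixed, have = parse_version(FIXED[product]), parse_version(version)
    width = max(len(fixed), len(have))
    # Pad with zeros so '26.5' is treated as 26.5.0, which is below 26.5.2.
    pad = lambda v: v + (0,) * (width - len(v))
    # Tuple comparison is numeric per component, so 26.10 sorts above 26.5.2.
    return pad(have) >= pad(fixed)

def audit(inventory):
    """Return (host, product, version, reason) for each record needing attention."""
    findings = []
    for host, product, version in inventory:
        if product not in FIXED:
            continue  # product not listed in this advisory
        try:
            if not is_patched(product, version):
                findings.append((host, product, version, f"below {FIXED[product]}"))
        except ValueError:
            findings.append((host, product, version, "version unreadable, check manually"))
    return findings

# Constructed sample inventory: hostnames and versions are made up.
SAMPLE = [
    ("mac-01", "macOS", "26.5.2"),
    ("mac-02", "macOS", "26.5"),
    ("mac-03", "macOS", "26.10"),
    ("ipad-07", "iPadOS", "26.5.1"),
    ("phone-11", "iOS", "26.5.2"),
    ("mac-04", "Safari", "unknown"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

Records with an unreadable version are reported rather than skipped, so a host with missing inventory data is not silently counted as patched.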
### Workarounds
No official workarounds provided. Users are strongly advised to apply the security updates immediately, as Apple accelerated this release cycle specifically to counter the speed of AI-driven exploit development.
## Detection
- **Indicators of Compromise:** Unusual Safari or system crashes when visiting specific URLs; unexpected kernel panics.
- **Detection methods and tools:** Monitor for abnormal WebKit process behavior using system logs. Ensure EDR tools are updated to recognize memory corruption patterns associated with these CVEs.
## References
- Apple Support Advisories: [https://support.apple.com/en-us/100100]
- iOS/iPadOS Security Details: [https://support.apple.com/en-us/127594]
- macOS Tahoe Security Details: [https://support.apple.com/en-us/127595]
- Safari Security Details: [https://support.apple.com/en-us/127685]