{"id":239975,"date":"2026-06-30T07:15:32","date_gmt":"2026-06-30T12:15:32","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/06\/apple-patches-30-ios-macos-safari-flaws-including-ai-discovered-webkit-bugs"},"modified":"2026-06-30T07:15:32","modified_gmt":"2026-06-30T12:15:32","slug":"apple-patches-30-ios-macos-safari-flaws-including-ai-discovered-webkit-bugs","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/06\/apple-patches-30-ios-macos-safari-flaws-including-ai-discovered-webkit-bugs","title":{"rendered":"Apple Patches 30+ iOS, macOS, Safari Flaws, Including AI-Discovered WebKit Bugs"},"content":{"rendered":"<p style=\"padding-right: 20px\"><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/apple-patches-30-ios-macos-safari-flaws-including-ai-discovered-webkit-bugs2.jpg\"><\/a><\/p>\n<p>The four vulnerabilities are part of nearly 30 vulnerabilities that have been patched in WebKit, an open-source web browser engine developed by Apple. Others include a use-after-free issue in WebKit Canvas (CVE-2026\u201343720) and a vulnerability that could be exploited by a malicious website to process restricted web content outside the sandbox (CVE-2026\u201343725).<\/p>\n<p>Apple has also remediated three bugs that could be exploited by a malicious app to leak sensitive kernel state (CVE-2026\u201343722), cause unexpected system termination or write kernel memory (CVE-2026\u201343724), or corrupt kernel memory (CVE-2026\u201339868). Security researcher Hyunwoo Kim, who discovered <a href=\"https:\/\/thehackernews.com\/2026\/05\/linux-kernel-dirty-frag-lpe-exploit.html\">Dirty Frag<\/a>, has been credited with discovering and reporting CVE-2026\u201343724 and CVE-2026\u201343722.<\/p>\n<p>The updates are available for <a href=\"https:\/\/support.apple.com\/en-us\/127594\">iOS 26.5.2, iPadOS 26.5.2<\/a>, <a href=\"https:\/\/support.apple.com\/en-us\/127595\">macOS Tahoe 26.5.2<\/a>, and <a href=\"https:\/\/support.apple.com\/en-us\/127685\">Safari 26.5.2<\/a>. None of the patched vulnerabilities has been disclosed as actively exploited in the wild.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The four vulnerabilities are part of nearly 30 vulnerabilities that have been patched in WebKit, an open-source web browser engine developed by Apple. Others include a use-after-free issue in WebKit Canvas (CVE-2026\u201343720) and a vulnerability that could be exploited by a malicious website to process restricted web content outside the sandbox (CVE-2026\u201343725). Apple has also [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,1492],"tags":[],"class_list":["post-239975","post","type-post","status-publish","format-standard","hentry","category-robotics-ai","category-security"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/239975","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=239975"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/239975\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=239975"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=239975"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=239975"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}