Apple on Monday released security updates for iOS, macOS, and the Safari web browser to address over three dozen flaws, including four vulnerabilities in WebKit that were discovered using artificial intelligence tools like Anthropic Claude and OpenAI Codex Security.
The four AI-discovered WebKit vulnerabilities include CVE-2026-43707 (memory corruption), CVE-2026-43716 (unspecified crash), CVE-2026-43745 (out-of-bounds write), and CVE-2026-43715 (use-after-free). The first three were credited to OpenAI Codex Security, while Anthropic researchers Milad Nasr and Nicholas Carlini, along with Claude, were acknowledged for CVE-2026-43715.
Apple also patched three kernel bugs discovered by security researcher Hyunwoo Kim (of Dirty Frag fame) that could allow malicious apps to leak sensitive kernel state, cause unexpected system termination, or corrupt kernel memory.
The updates are available in iOS 26.5.2, iPadOS 26.5.2, macOS Tahoe 26.5.2, and Safari 26.5.2. Notably, Apple said it accelerated the release timeline in response to concerns that AI tools could shrink the window between discovery and weaponization of exploits to mere hours.
None of the patched vulnerabilities have been reported as actively exploited in the wild.