惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Google DeepMind News
Google DeepMind News
C
CERT Recently Published Vulnerability Notes
C
Cisco Blogs
Cloudbric
Cloudbric
The Last Watchdog
The Last Watchdog
L
LINUX DO - 热门话题
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Application and Cybersecurity Blog
Application and Cybersecurity Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Security Archives - TechRepublic
Security Archives - TechRepublic
TaoSecurity Blog
TaoSecurity Blog
V2EX - 技术
V2EX - 技术
H
Heimdal Security Blog
S
Security Affairs
L
Lohrmann on Cybersecurity
Hacker News - Newest:
Hacker News - Newest: "LLM"
Simon Willison's Weblog
Simon Willison's Weblog
WordPress大学
WordPress大学
小众软件
小众软件
Security Latest
Security Latest
AWS News Blog
AWS News Blog
Apple Machine Learning Research
Apple Machine Learning Research
GbyAI
GbyAI
Engineering at Meta
Engineering at Meta
阮一峰的网络日志
阮一峰的网络日志
罗磊的独立博客
F
Full Disclosure
S
Schneier on Security
L
LangChain Blog
MyScale Blog
MyScale Blog
Know Your Adversary
Know Your Adversary
P
Privacy International News Feed
Google Online Security Blog
Google Online Security Blog
Scott Helme
Scott Helme
Stack Overflow Blog
Stack Overflow Blog
爱范儿
爱范儿
A
Arctic Wolf
Martin Fowler
Martin Fowler
B
Blog RSS Feed
大猫的无限游戏
大猫的无限游戏
博客园 - 三生石上(FineUI控件)
The Register - Security
The Register - Security
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
博客园_首页
Latest news
Latest news
F
Fortinet All Blogs
G
GRAHAM CLULEY
T
The Exploit Database - CXSecurity.com
Hacker News: Ask HN
Hacker News: Ask HN

Lifehacker

This Compact Anker Portable Power Station Is 50% Off Right Now This Massive Data Breach Compromised Nearly 7 Million Driver The Best Sales on Headphones and Earbuds Right Now This Browser Extension Hides The Premium Sonos Ace Headphones Are $120 Off Right Now DuckDuckGo Can Now Block Ads on YouTube 10 Shows Like Three Ways to Get Used to Exercising in the Heat The Best Books, Movies, Video Games, and Podcasts to Check Out After Watching ‘Mad Men’ Meta Just Patched a Major Privacy Flaw With Its Smart Glasses Six Ways iOS 27 Is Making AirPods Easier to Use on iPhone Meta Now Lets Anyone Generate AI Images With Your Instagram Posts, but You Can Stop It This Job Interview Scam Is a Ploy to Steal Your Google Credentials This Massive 85-Inch Toshiba Mini-LED TV Is 30% Off Right Now This Complete Philips Smart Door Lock Bundle Is 40% Off Right Now Here 5 Hacks Every Suunto Run User Should Know I Love My CanvasTV, and It This Massive Hisense U7 QLED TV Is 43% Off, Its Lowest Price Ever This Samsung Soundbar and Subwoofer Combo Is $80 Off Right Now Why Your Hands Swell When You Run or Walk, and What to Do About It Now That Sony Is Ending Physical Media, Is It Possible to Make Your Own PlayStation Discs? Lifehacker You Only Have One Real Choice Now That Samsung Messages Is Officially Dead 10 Shows Like the Live-Action These Milwaukee Tools Are up to 55% Off Right Now at Home Depot These YouTube TV Subscribers Are Eligible for a Payout From This Disney Settlement This 32-Inch Roku TV Is Under $100 Right Now This Hisense 55-Inch Mini-LED TV Is 38% Off Right Now Which Is the Better Watch Display: MIP vs. AMOLED Amazon Prime Members Can Get Two Free E-Books in July Five Hacks Every Garmin Forerunner 970 User Should Know TCL This Three-in-One Anker Charger Is $50 Off Right Now This Midrange Samsung Galaxy Phone Just Hit Its Lowest Price Ever The Best Private Messaging App Isn’t WhatsApp or Signal, It’s Delta Chat I Compared Siri AI to Gemini on iPhone and There 10 Shows Like The Best Books, Movies, Video Games, and Podcasts to Check Out After Watching The Most Versatile DeWalt Cordless Tool I Use Is 55% Off for Lowe’s 4th of July Sale These Cordless Power Tools Are up to 55% Off for Home Depot’s 4th of July Sale 10 Hacks Every MacBook Pro User Should Know 10 Hacks Every Fitbit Air User Should Know The Top 10 TV Series Right Now, According to Streaming Data Don 5 Hacks Every Amazfit User Should Know Opera Just Rolled Out a Way to Block ClickFix Attacks in Its Browser I Tried Proton’s Privacy-First AI Chatbot to See If It’s Better Than ChatGPT The Top 10 Movies Right Now, According to Streaming Data This Complete Samsung Soundbar System Is $400 Off Right Now These Bose QuietComfort Headphones Are at Their Lowest Price Ever Right Now 10 Hacks Every Apple Home User Should Know Nine Subtle Signs Your Accounts or Devices Have Been Hacked 5 Hacks Every Shokz User Should Know Meta Just Added a Paywall for One of Its Best Smart Glasses Features 10 Hacks Every MacBook Air User Should Know How to Tell the Difference Between Heat Exhaustion and Heat Stroke This Samsung Gemini Spark Is Now Available on Mac, but Is It Worth the Risk? 30 Absurdly Patriotic Movies to Stream for the Fourth of July Apple This Google Indoor Nest Camera Is 35% Off Right Now This Samsung Dolby Atmos Soundbar Is 42% Off Right Now Sun Shirts Are the Underrated Hero of Summer Exercise 10 Hacks Every Discord User Should Know Why I Always Check the Wet Bulb Temperature Before Exercising Outside in Summer Netflix Just Started Requiring Separate Emails, but There The Best Books, Movies, Video Games, and Podcasts to Check Out After Watching The Out of Touch Adults 10 Shows Like These Beats Earbuds Are 47% Off Right Now This Floatable Anker Speaker Is Now $40 Off The Best Deals on Tech Essentials Still Available After Prime Day Garmin WhatsApp Is Replacing Phone Numbers With Usernames Your T-Mobile Bill Might Be Going Up You Can Still Save up to 77% on Smart Glasses After Prime Day These Garmin Watches Are Still on Sale After Prime Day These Bluetooth Speakers Are Still on Sale for up to 50% off After Prime Day I Wore Amazfit for Hyrox Training, and Their Watches Are Still on Sale After Prime Day I Think Suunto Fitness Watches Are Way Underrated, and Still on Sale After Prime Day Every Fitbit With a Screen Is Still on Sale after Prime Day, up to 50% Off These Apple Devices Are Still on Sale After Prime Day These Fitness Wearables Are Still on Sale After Prime Day I Your End-to-End Encrypted Messages Aren Split Tunneling Is Your VPN This 75-Inch Sony Mini-LED TV Is a Brighter OLED Alternative, and It’s $1,000 Off Right Now That Shop App Receipt You Don This Rugged Bose Bluetooth Speaker Is Over $100 Off Right Now The Best Last-Minute Prime Day Deals on Laptops, Monitors, and PC Accessories You Can Now Use Google Wallet at Airport Security Instead Your ID Whoop These 15 Apple Products Didn These Are the Best Last-Minute Prime Day Deals on Headphones These Portable Projectors Are Still up to 40% Off After Prime Day The Best Last-Minute Prime Day Deals on Amazon Devices, up to 74% Off Prime Day 2026 Live Blog: The Best Deals on Headphones, TVs, Fitness Tech, and More Lifehacker Deals Live Blog: The Best Tech Sales, All in One Place ‘Lowkenuinely,’ ‘Bruzz,’ and Other Gen Z and Gen Alpha Slang You Might Need Help Decoding
Apple Is Changing How It Issues Security Updates Due to Threats From AI
Jake Peterson · 2026-07-03 · via Lifehacker

Jake Peterson

Jake Peterson Senior Technology Editor

Experience

Jake Peterson is Lifehacker’s Tech Editor, and has been covering tech news and how-tos for nearly a decade. His team covers all things technology, including AI, smartphones, computers, game consoles, and subscriptions.

Read Full Bio

Add as a preferred source on Google
Add as a preferred source on Google

We may earn a commission from links on this page.

iphone updating on laptop

Credit: Editorial RF/Getty Images

Key Takeaways

  1. Apple released iOS 26.5.2 on Monday, which comes with patches for 29 security flaws.
  2. None of the flaws patched are zero-days, but it is still important to update as soon as possible.
  3. Many of the flaws relate to how WebKit handles user data, specifically when accessing websites.
  4. Apple is changing how it releases security updates due to threats from models like Anthropic's Mythos.

Table of Contents


While the tech world's collective attention is currently fixed on iOS 27, Apple is still churning out updates to iOS 26. While we're not likely to get another feature-filled release in the "26" era, there will always be bugs and security flaws to squash whenever Apple or third-party researchers discover them. Case in point: On Monday, Apple dropped iOS 26.5.2, which includes fixes for 29 security vulnerabilities.

More interesting than what bugs these patches fix, however, is that the company didn't originally intend to release them yet. In fact, iOS 26.5.2 marks a stark change in how Apple rolls out security updates, in large part due to potential threats from new AI models.

iOS 26.5.2 wasn't always meant to be. Apple told Reuters earlier this week that these patches were actually meant for a future version of iOS—perhaps iOS 26.6—but the company is now changing how it handles security updates going forward, specifically due to the security threats of models like Anthropic's Claude Mythos. These models can easily detect security vulnerabilities in software earlier than human researchers, and, as such, Apple feels it necessary to release patches as soon as they're available. Traditionally, the company bundles security patches with its typical software updates, as opposed to other companies that separate security patches from feature updates. But as these new AI models spread, and the risk of bad actors discovering security vulnerabilities grows, Apple will now release new patches much sooner than it normally would.

As such, you should expect to see more updates appear on your Apple devices than in the past. I wouldn't be surprised to see iOS 26.5.3 hit the scene before an iOS 26.6, and Apple may release more "iOS 26" updates than usual before iOS 27 drops this fall. You should always update your devices whenever those updates become available, as the threat from AI security models really is significant.

Here's what iOS 26.5.2 patches

First, the good news: None of these vulnerabilities appears to be a "zero-day." A zero-day is a security flaw that is publicly disclosed or actively exploited before the software developer has a chance to issue a patch. They're especially dangerous, since it gives hackers the advantage: They can attempt to find an exploit—or, worse, take advantage of that exploit—for as long as it takes the developer to issue an update, and for its user base to install it. Luckily, none of these flaws appear to qualify, meaning this isn't a mission-critical situation. Still, any unpatched security flaw is concerning, and now that these are disclosed, it's only a matter of time before someone figures out how to exploit them—especially when assisted by new AI models. As such, it's important to install iOS 26.5.2 as soon as possible.

What do you think so far?

According to Apple's official security release notes, iOS 26.5.2 (and iPadOS 26.5.2) patches 29 security flaws. Many of the flaws have to do with how WebKit, Apple's engine that powers Safari, secures user data. You'll see some flaws that could expose sensitive data if the user processes malicious web content (e.g., if you click a fraudulent link), as well as one vulnerability that could leak sensitive data just by visiting a website, even if that site isn't necessarily malicious. Another patch handles a flaw that would let malicious websites process data outside of the "sandbox," or the secure element that Apple keeps websites in so they don't venture into secure parts of iOS, while another patches a flaw that could steal clipboard data without your knowledge.

You'll find all 29 patches listed below, along with a description, the fix, and the CVE (Common Vulnerabilities and Exposures) number used to track them. Again, none of these flaws has a known active exploit.

  1. IOGPUFamily: An app may be able to cause unexpected system termination. A race condition was addressed with improved state handling. CVE-2026-43743: Lyutoon, Dun

  2. Kernel: An app may be able to cause unexpected system termination or write kernel memory. The issue was addressed with improved input sanitization. CVE-2026-43724:

  3. Kernel: An app may be able to leak sensitive kernel state. The issue was addressed with improved input sanitization. CVE-2026-43722.

  4. Kernel: An app may be able to cause unexpected system termination or corrupt kernel memory. This issue was addressed with improved input validation. CVE-2026-39868.

  5. libxslt: Processing maliciously crafted web content may lead to an unexpected process crash. A double free issue was addressed with improved memory management. CVE-2026-43706.

  6. libxslt: Processing maliciously crafted web content may lead to an unexpected process crash. The issue was addressed with improved memory handling. CVE-2026-43703.

  7. Web Extensions: A malicious web extension may be able to cause an unexpected process crash. A use-after-free issue was addressed with improved memory management. CVE-2026-43704.

  8. WebKit: Processing maliciously crafted web content may disclose sensitive user information. A cross-origin issue was addressed with improved tracking of security origins. CVE-2026-43700.

  9. WebKit: A malicious website may exfiltrate data cross-origin. The issue was addressed with improved checks. CVE-2026-43735.

  10. WebKit: Processing maliciously crafted web content may lead to an unexpected process crash. A use-after-free issue was addressed with improved memory management. CVE-2026-43734/CVE-2026-43726/CVE-2026-43709/CVE-2026-43699/CVE-2026-43742.

  11. WebKit: Processing maliciously crafted web content may disclose sensitive user information. A path handling issue was addressed with improved validation. CVE-2026-43732.

  12. WebKit: Processing maliciously crafted web content may lead to memory corruption. A use-after-free issue was addressed with improved memory management. CVE-2026-43731/CVE-2026-43715.

  13. WebKit: Processing maliciously crafted web content may lead to an unexpected Safari crash. A use-after-free issue was addressed with improved memory management. CVE-2026-43727.

  14. WebKit: A malicious website may be able to process restricted web content outside the sandbox. The issue was addressed with improved input validation. CVE-2026-43725.

  15. WebKit: Processing maliciously crafted web content may lead to an unexpected process crash. The issue was addressed with improved memory handling. CVE-2026-43663/CVE-2026-39872/CVE-2026-43712.

  16. WebKit: Processing maliciously crafted web content may lead to an unexpected Safari crash. The issue was addressed with improved memory handling. CVE-2026-43716.

  17. WebKit: Processing maliciously crafted web content may lead to an unexpected Safari crash. An out-of-bounds access issue was addressed with improved bounds checking. CVE-2026-43676.

  18. WebKit: Processing maliciously crafted web content may result in the disclosure of process memory. The issue was addressed with improved memory handling. CVE-2026-43740.

  19. WebKit: Visiting a website may leak sensitive data. A permissions issue was addressed with additional restrictions. CVE-2026-43713.

  20. WebKit: A malicious website may exfiltrate data cross-origin. The issue was addressed with improved input validation. CVE-2026-43708.

  21. WebKit: Processing maliciously crafted web content may lead to an unexpected process crash. A memory corruption issue was addressed with improved memory handling. CVE-2026-43707.

  22. WebKit: Processing maliciously crafted web content may lead to memory corruption. A type confusion issue was addressed with improved checks. CVE-2026-43705.

  23. WebKit: A malicious website may be able to process restricted web content outside the sandbox. The issue was addressed with improved checks. CVE-2026-43701.

  24. WebKit: Processing maliciously crafted web content may lead to an unexpected Safari crash. An out-of-bounds write issue was addressed with improved input validation. CVE-2026-43745.

  25. WebKit Canvas: Processing maliciously crafted web content may lead to an unexpected Safari crash. A use-after-free issue was addressed with improved memory management. CVE-2026-43720.

  26. WebKit Storage: A malicious website may be able to silently hijack clipboard data. This issue was addressed through improved state management. CVE-2026-43721.

  27. WebRTC: Processing maliciously crafted web content may lead to an unexpected process crash. An out-of-bounds access issue was addressed with improved bounds checking. CVE-2026-28979.

  28. WebRTC: Processing maliciously crafted web content may lead to an unexpected Safari crash. A stack overflow was addressed with improved input validation. CVE-2026-43718.

  29. WebRTC: Processing maliciously crafted web content may lead to an unexpected Safari crash. A use-after-free issue was addressed with improved memory management. CVE-2026-43717/CVE-2026-43746.

How to update to iOS 26.5.2

Installing this security patch is the same as any other iOS update. If you have Automatic Updates enabled, the OS should update on its own in due time. However, you can manually kick-start the process by heading to General > Software Update and following the on-screen instructions.