Apple Patches Over Three Dozen Flaws, Four Discovered by AI Tools
Apple has released critical security updates across its operating systems and Safari browser, addressing over 36 vulnerabilities. Notably, four of these flaws within **WebKit** were identified with the assistance of artificial intelligence tools, including **Anthropic Claude** and **OpenAI Codex Security**. This development underscores the growing role of AI in both vulnerability discovery and, potentially, exploit development.

**Apple** on Monday rolled out significant security updates for **iOS**, **macOS**, and the **Safari** web browser. These patches tackle more than three dozen vulnerabilities, with a particular focus on the **WebKit** engine.
### AI-Assisted Vulnerability Discovery
Four of the patched **WebKit** vulnerabilities were identified with the aid of AI tools. **OpenAI Codex Security** is credited with discovering three of these, while **Anthropic** researchers Milad Nasr and Nicholas Carlini, in conjunction with **Claude**, found another.

These AI-discovered flaws include:
* **CVE-2026-43707**: A memory corruption issue leading to an unexpected process crash when processing malicious web content. Addressed with improved memory handling.
* **CVE-2026-43716**: An unspecified issue causing unexpected **Safari** crashes from malicious web content. Resolved through enhanced memory handling.
* **CVE-2026-43745**: An out-of-bounds write issue potentially leading to an unexpected **Safari** crash when processing malicious web content. Fixed with improved input validation.
* **CVE-2026-43715**: A use-after-free issue that could result in memory corruption when processing maliciously crafted web content. Addressed with improved memory management.
### Broader WebKit and Kernel Fixes
Beyond the AI-identified issues, nearly 30 additional vulnerabilities in **WebKit** have been remediated. These include a use-after-free vulnerability in **WebKit Canvas** (**CVE-2026-43720**) and a flaw (**CVE-2026-43725**) that could allow a malicious website to process restricted web content outside its sandbox.

**Apple** also addressed three critical kernel bugs. These could be exploited by malicious applications to leak sensitive kernel state (**CVE-2026-43722**), cause unexpected system termination or write to kernel memory (**CVE-2026-43724**), or corrupt kernel memory (**CVE-2026-39868**). Security researcher Hyunwoo Kim, known for discovering **Dirty Frag**, is credited with reporting **CVE-2026-43724** and **CVE-2026-43722**.
### Proactive Patching in the Age of AI
The updates are available for **iOS 26.5.2**, **iPadOS 26.5.2**, **macOS Tahoe 26.5.2**, and **Safari 26.5.2**. Crucially, **Apple** has not disclosed any evidence of these vulnerabilities being actively exploited in the wild.

In a statement to Reuters, **Apple** indicated that these security updates are being released earlier than usual. This accelerated timeline is a direct response to concerns that AI tools could significantly speed up the development of exploits, potentially shrinking the window between vulnerability discovery and weaponization to mere hours. The company said it is adapting to the reality that AI can hasten the development of malicious hacking tools, which makes it necessary to reduce the time between public updates and their deployment to customers.