threat-wire

Apple Patches Three Dozen Flaws, Some Found by AI Tools

Apple's latest round of updates fixes more than 30 security bugs across iPhone, iPad, Mac, and Safari, including four in the WebKit browser engine. Some of the flaws were uncovered with help from AI tools. None are known to be under attack yet, which makes this the easy kind of update to install before it matters.

By SecureBusinessHub Editorial, International cybersecurity desk — 2026-06-30 · 4 min read

Apple pushed out security updates on 30 June that close more than three dozen flaws across iPhone, iPad, Mac, and Safari. Nothing here is being exploited yet, as far as anyone has reported. That is the point: this is the cheap update, the one you install on a quiet afternoon instead of in a panic after the bugs turn up in real attacks.

What got fixed

The batch spans iOS, iPadOS, macOS, and Safari. Four of the fixes land in WebKit, the engine that renders web pages on every Apple device. WebKit bugs deserve more attention than the count suggests, because a bad one can be triggered by nothing more than visiting a web page.

One of the WebKit flaws, CVE-2026-43707, is a type confusion bug that can corrupt memory when the browser handles malicious web content. In plain terms, a booby-trapped page could confuse the engine into mishandling data and, in the worst case, run code on the device. It affects iPhone 11 and later along with a long list of recent iPads.

The part worth noticing

Apple credited some of the WebKit work to researchers using AI tooling. CVE-2026-43707 is attributed to OpenAI's Codex Security effort, and The Hacker News reports that Anthropic's Claude was among the tools used to surface bugs in this round. AI-assisted bug hunting has been creeping into vendor advisories for months, and seeing it named on flaws in a product as scrutinised as WebKit is a marker of where vulnerability research is heading.

For a business owner the lesson is not about AI. It is that the gap between a bug being found and a bug being weaponised keeps shrinking, so the habit of patching quickly is worth more every year. The tooling that finds these flaws is available to attackers too.

Beyond the browser

WebKit is the headline, but most of the three dozen fixes sit in the operating system itself: the kernel, system frameworks, and the components that handle photos, files, and network connections. Bugs like these usually need an attacker to already have a foothold, so they matter most as the second step in a chain rather than the way in. People at higher risk of targeted attacks, including executives, lawyers, and anyone handling sensitive deals, should patch first and consider turning on Lockdown Mode, which strips back the features attackers most often abuse.

What to do

• iPhone and iPad: open Settings, then General, then Software Update, and install the latest iOS or iPadOS. Anything on iPhone 11 or newer is in scope for the WebKit fix.
• Mac: open System Settings, then General, then Software Update, and apply the macOS update along with the matching Safari version.
• Turn on automatic updates in that same screen so the next batch installs on its own overnight.
• If you manage company devices through MDM, push the update rather than trusting staff to tap it. WebKit flaws affect every browser on the iPhone, not just Safari, because Apple requires them all to use its engine.

• The Hacker News: Apple patches 30+ iOS, macOS, Safari flaws
• Apple security releases (official list)
• TechRepublic: Apple's 2026 security roundup