Urgent Apple Security Update Targets WebKit, Kernel, and Wi‑Fi Flaws
Apple has pushed out an urgent wave of Apple security updates for iPhones, iPads, and Macs to close serious holes in WebKit, the kernel, Wi‑Fi, and app sandboxing. The latest release cycle spans both current and legacy platforms, including macOS Tahoe 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, iOS 26.5 patches, iOS 18.7.9, iPadOS 18.7.9, iPadOS 17.7.11, iOS 16.7.16, and iOS 15.8.8. While Apple has not flagged any of the newly fixed issues as actively exploited, the breadth of kernel security flaw and WebKit vulnerability fix entries in its advisories underlines how deeply these bugs reach into core system components. Users on older operating systems are especially exposed because attackers often target lagging devices, making immediate updates essential to maintain protection against privilege escalation, data leakage, and remote attack chains.
iOS 26.5 Patches Over 60 Security Bugs, Including Kernel and Sandbox Escapes
For iPhone owners on supported hardware, iOS 26.5 patches more than 60 security vulnerabilities across key components such as the kernel, WebKit, Wi‑Fi, and App Intents. Six kernel-level issues were fixed, including CVE‑2026‑28951, which could allow a malicious app to gain root privileges, and CVE‑2026‑28943, reported by Google’s Threat Analysis Group. WebKit bugs like CVE‑2026‑28962 meant that simply interacting with crafted web content might expose sensitive information. Another flaw, CVE‑2026‑28995 in App Intents, could let an app escape its sandbox, undermining iOS’s core isolation model. Security researchers note that kernel memory bugs, WebKit vulnerabilities, and sandbox escapes are often chained together in sophisticated mobile attacks, so installing this Apple security update promptly is vital. iOS 26.5 is available for iPhone 11 and later, with parallel updates shipped for compatible iPad models.
Critical Fixes for Older iPhones, iPads, and Macs Still in Use
Apple is also rolling out important fixes to older iPhones, iPads, and Macs that no longer run the newest operating systems but remain widely used. Updates such as macOS Sonoma 14.8.7, macOS Sequoia 15.7.7, iOS 18.7.9, and iPadOS 18.7.9 deliver a broad WebKit vulnerability fix set, kernel hardening, and Wi‑Fi patches for devices like iPhone XS, iPhone XR, and the seventh‑generation iPad. Even legacy branches, including iOS 16.7.16, iPadOS 16.7.16, iOS 15.8.8, and iPadOS 15.8.8, are receiving security maintenance, addressing issues such as retained deleted notifications alongside other risks. This continued support extends protection back to hardware first released more than a decade ago. However, users running these older operating systems remain especially attractive targets. They should treat these updates as high priority to reduce the chance of kernel-level compromise, sandbox escapes, and privacy breaches.
What the WebKit and Kernel Fixes Mean for Everyday Security
WebKit sits at the heart of Safari, in‑app browsers, and many embedded web views, so a WebKit vulnerability fix has far‑reaching impact. Apple’s latest advisories describe issues that could bypass Content Security Policy, leak private data, or corrupt memory when viewing malicious web pages. At the same time, kernel security flaws addressed in macOS Tahoe 26.5 and the mobile updates include root privilege escalation, kernel memory disclosure, integer overflows, out‑of‑bounds writes, and race conditions. One Wi‑Fi bug could even allow arbitrary code execution with kernel privileges using crafted wireless traffic. Together, these weaknesses could be combined to take over a device, bypass Gatekeeper, or silently exfiltrate information. Although none are currently reported as exploited in the wild, the combination of kernel, WebKit, and Wi‑Fi bugs makes delaying updates risky, particularly for users who browse heavily or frequently connect to public networks.
How to Protect Your Devices and Why You Must Update Now
To benefit from these iOS 26.5 patches and related releases, users should update immediately via Settings on iPhone or iPad and System Settings on Mac, then restart so kernel and networking changes fully apply. Because many fixed issues involve malicious web content, crafted files, and sandbox escape chains, you should also avoid untrusted apps, unknown configuration profiles, suspicious links, unsecured Wi‑Fi, and unsolicited downloads. Devices that can no longer receive Apple security updates should not be used for sensitive activities like banking, password management, or storing highly personal data. The involvement of leading research teams and AI‑assisted discovery underscores how quickly both defenders and attackers are evolving. Updating now is the most effective way to stay ahead of exploit chains built on WebKit bugs, kernel security flaws, and Wi‑Fi vulnerabilities.