Apple releases security patches for iOS, MacOS Tahoe, Safari


Apple has released security updates for more than two dozen security vulnerabilities across iPhone, iPad, and Mac.

The updates for iOS/iPadOS, MacOS Tahoe, and Safari were issued after testing on iOS 26.6 and iPadOS 26.6 betas.

What stands out in the update is that a lot of the vulnerabilities were found in WebKit, the browser engine that powers Safari as well as every browser on iPhone, including Chrome, Firefox, and Edge. It also looks like several of the issues Apple has addressed can be chained together to steal data or run malicious code with little or no user interaction.

Read more…
Source:  MalwareBytes Labs


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Update your Chrome to fix serious actively exploited vulnerability

    May 19, 2025

    Google released an emergency update for the Chrome browser to patch an actively exploited vulnerability that could have serious ramifications. The update brings the Stable channel to versions 136.0.7103.113/.114 for Windows and Mac and 136.0.7103.113 for Linux. The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging ...

  • Fortinet Releases Multiple Security Advisories

    May 14, 2025

    Fortinet has released security advisories to two critical vulnerabilities. The security advisories address one critical vulnerability in FortiOS, FortiProxy and FortiSwitchManager, and an exploited vulnerability in FortiVoice, FortiMail, FortiNDR, FortiRecorder and FortiCamera. CVE-2025-32756 is a ‘stack-based buffer overflow’ vulnerability with a CVSSv3 score of 9.6. Successful exploitation could allow a remote unauthenticated attacker to execute arbitrary ...

  • Mitel Releases Security Advisory for Mitel SIP Phones

    May 12, 2025

    Mitel has released security advisory addressing two vulnerabilities in Mitel SIP Phones including Mitel 6800 Series, 6900 Series, 6900w Series and 6970 Conference Unit. CVE-2025-47188 has a CVSSv3 base score of 9.8 and is a ‘command injection’ vulnerability that could allow an unauthenticated attacker to inject and execute arbitrary commands on the device. Exploitation could lead ...

  • Cisco Releases May 2025 IOS XE Software Security Advisory Bundled Publication

    May 8, 2025

    Cisco has released 20 security advisories that describe 26 vulnerabilities in Cisco IOS Software and Cisco IOS XE Software. Cisco IOS (internetwork operating system) is the operating system used on Networking devices. Cisco IOS XE is a modular version of that operating system, used on newer enterprise networking devices. Cisco has released software updates that ...

  • Multiple vulnerabilities in SonicWall SMA 100 series (FIXED)

    May 7, 2025

    In April of 2025, Rapid7 discovered and disclosed three new vulnerabilities affecting SonicWall Secure Mobile Access (“SMA”) 100 series appliances (SMA 200, 210, 400, 410, 500v). These vulnerabilities are tracked as CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821. An attacker with access to an SMA SSLVPN user account can chain these vulnerabilities to make a sensitive system directory writable, ...

  • Android fixes 47 vulnerabilities, including one zero-day – update as soon as you can!

    May 6, 2025

    Google has patched 47 vulnerabilities in Android, including one actively exploited zero-day vulnerability in its May 2025 Android Security Bulletin. Zero-days are vulnerabilities that are exploited before vendors have a chance to patch them—often before they even know about them. The May updates are available for Android 13, 14, and 15. Android vendors are notified of ...