Apple released iOS 26.5.2, iPadOS 26.5.2, and macOS 26.5.2 today with bug fixes and security fixes. We now know that the security fixes were for around 29 exploits, most of which were for WebKit.
As per tradition, Apple does not disclose security issues and their patches until the software updates are live. Upon release, it takes some time for Apple to publish all the details on its security releases page.
An initial review shows that both iOS and macOS got 29 security fixes each. The fixes targeted the same areas for both: IOGPUFamily, Kernel, libxslt, Web Extensions, WebRTC, WebKit Canvas, WebKit Storage, and WebKit. It goes without saying that users should update their devices immediately to take advantage of these fixes.
It is always important to look out for security issues that may have been actively exploited in the wild, instead of just being reports by researchers and organizations. Fortunately, none of the issues carry any reports of being actively exploited.
If you are interested, you can see the full details of the security content in the software updates by navigating to the below links, and reading more about their associated CVE-ID:
Note that the Web Extensions and WebKit security fixes are also a part of Safari 26.5.2, and details of the fixes are available here.
Even though other Apple operating systems such as visionOS also use Safari and WebKit, the company has not released software updates for devices other than iPhone, iPad and Mac. Whether this is due to other devices being safe from these exploits, or they will receive the fixes as part of future software updates is yet to be seen. Apple is beta testing watchOS 26.6, tvOS 26.6, and visionOS 26.6 with developers at the time of writing,
Apple is currently beta testing iOS 27, iPadOS 27 and macOS Golden Gate with developers. The company will likely include these fixes in an upcoming beta release to keep testers protected.
