Zero Day Initiative | Blog
Follow
The June 2026 Apple Security Update Review
Apple released 37 security updates in June 2026 for iOS, iPadOS, macOS, and Safari. The majority of these vulnerabilities, 31 in total, are related to WebKit and WebRTC, often leading to crashes or denial of service through malicious web content. However, a few kernel and sandbox escape bugs present higher risks.CVE-2026-43724 stands out as a kernel bug allowing unexpected system termination or kernel memory writes, a critical step for full device control. Another significant kernel vulnerability, CVE-2026-39868, could corrupt kernel memory and is attributed to elite security researchers, suggesting it's a weaponizable bug. Additionally, CVE-2026-43725 and CVE-2026-43701 are WebKit sandbox escapes that enable websites to bypass restrictions. These sandbox escapes are crucial as they bridge the gap between web content exploits and potential kernel-level attacks. While many WebKit bugs cause simple crashes, these specific ones are flagged for their potential to lead to more severe system compromises. The update also includes vulnerabilities like information disclosure, memory corruption, privilege elevation, and spoofing. Apple does not provide CVSS scores, making it necessary to infer severity from the reported impacts and attributions. The company will continue this security update coverage if readers find it beneficial.