Apple
Curated coverage and analysis in this editorial area.

Apple Compresses Patch Cycle After AI Uncovers Four WebKit Flaws
On June 29, 2026, Apple released iOS 26.5.2, iPadOS 26.5.2, macOS Tahoe 26.5.2, and Safari 26.5.2, addressing over 30 vulnerabilities.…

macOS: Standard Users Disable EDR/MDM Without Admin Rights
A privilege escalation technique on macOS exploits CDHash caching and NIB injection to silently disable enterprise security tools. App…

ClickFix macOS: When Users Bypass Gatekeeper Themselves
Microsoft has documented the latest evolution of ClickFix campaigns on macOS: operators have ditched manual DMG installers for Termina…

Tata Electronics Breach: 200,000 Files Leaked, Apple and Tesla Secrets Appear on Dark Web
Tata Electronics confirmed a cybersecurity incident on June 22, 2026, stating it occurred "a few weeks ago" with no operational impact…

usbliter8: Unpatchable Exploit Hits Apple A12/A13 SecureROM
Paradigm Shift releases usbliter8, an unpatchable hardware exploit achieving arbitrary EL1 execution in Apple A12/A13 SecureROM via th…

Apple Beats: Bluetooth Flaw Turns Headphones Into Spy Microphones
Apple patched CVE-2025-20701 in Beats Studio Buds: attackers within Bluetooth range could eavesdrop on conversations by exploiting a f…

Apple macOS USD Library Flaw Enables Information Disclosure and Exploit Chaining
A vulnerability in the macOS Universal Scene Description (USD) library (ZDI-26-315) allows for out-of-bounds reads and potential code…

Apple Patches macOS RCE Vulnerability in USD Library (ZDI-26-314)
A critical out-of-bounds write in the macOS USD library could allow remote code execution through malicious 3D files. Apple released a…

macOS USD Library Bug ZDI-26-315 Exposes System Memory, Patch Issued May 12
Apple has addressed ZDI-26-315, an out-of-bounds read vulnerability in the macOS Universal Scene Description (USD) library. Rated CVSS…

Safari Regex Engine Vulnerability Allows Remote Code Execution via Duplicate Named Groups
Apple has patched a high-severity (CVSS 8.8) remote code execution vulnerability in Safari. The flaw involves a heap-based buffer over…

Apple Safari WebCore Vulnerability: ZDI-26-312 Enables Remote Code Execution
A use-after-free vulnerability in Safari’s WebCore style resolver allows for remote code execution through user interaction, affecting…

Apple Fixes WebKit Zero-Days Exploited in 'Extremely Sophisticated' Attacks
Apple has issued emergency security updates for Safari 26.2 and iOS 18.7.3 to remediate two critical WebKit vulnerabilities (CVE-2025-…