🚨 BREAKING: Apple Releases Safari 26.5 Security Update β€” All Safari Users Should Update Immediately

BLUF: Apple has released Safari 26.5, a security update addressing vulnerabilities in the Safari browser. All users running affected versions of Safari on macOS, iOS, and iPadOS should apply this update immediately. Specific CVE details have not been confirmed at time of publication.

DETAILS

  • Apple has officially released Safari 26.5 as a security-focused update; the release is confirmed.
  • CVE identifiers, vulnerability descriptions, severity ratings, and exploitation status have not been independently confirmed at time of this alert β€” full details are expected at Apple’s official advisory page: https://support.apple.com/en-us/100100
  • It is unknown at this time whether any vulnerabilities addressed in this release are being actively exploited in the wild.
  • Safari updates typically address WebKit engine vulnerabilities, which can include remote code execution, cross-site scripting, and sandbox escape issues β€” however, no specific vulnerability class has been confirmed for this release.
  • This alert will be updated as CVE details become available from Apple’s Security Updates page.

IMPACT

  • Who is affected: All users of Safari on macOS, iOS, and iPadOS running versions prior to Safari 26.5.
  • Scope: Potentially broad β€” Safari is the default browser on all Apple platforms and is used by hundreds of millions of users globally.
  • Severity: Cannot be assessed until CVE details are published. WebKit vulnerabilities historically range from moderate to critical.
  1. Update Safari immediately via System Settings β†’ General β†’ Software Update (macOS) or Settings β†’ General β†’ Software Update (iOS/iPadOS).
  2. Monitor Apple’s official advisory at https://support.apple.com/en-us/100100 for CVE details and severity ratings as they are published.
  3. Do not wait for severity confirmation β€” apply the update now given Apple’s standard practice of patching actively exploited vulnerabilities without pre-disclosure.
  4. Enterprise/MDM administrators: Push Safari 26.5 to managed devices and verify deployment compliance.
  5. Revisit this alert once CVE details are confirmed to assess whether additional mitigations are required.

SOURCES

⚠️ UNCERTAINTY FLAG: Vulnerability specifics, severity scores, and exploitation status are unconfirmed. This alert is based solely on the confirmed release of Safari 26.5 as a security update. Reassess upon Apple’s full advisory publication.