Apple has released Safari 26.5 addressing critical security vulnerabilities in the WebKit engine. The update patches 20 WebKit vulnerabilities that could potentially crash the browser or expose sensitive user information to malicious websites. Security researchers discovered these flaws through coordinated disclosure programs, highlighting the ongoing importance of browser security for all macOS users.

The vulnerabilities affect both macOS Sonoma and macOS Sequoia systems. Several issues allow maliciously crafted web content to bypass Content Security Policy protections, potentially leading to unauthorized access to user data. Other flaws cause unexpected application crashes through memory handling problems and use-after-free vulnerabilities that attackers could exploit to compromise user systems.

Security researchers including Cantina, Luke Francis, and DARKNAVY identified these vulnerabilities through coordinated disclosure programs. Apple has addressed each issue with improved input validation, memory management, and access restrictions. Users running compatible systems should update to Safari 26.5 immediately to protect against potential exploitation that could lead to data breaches or system instability.