Apple is speeding up software patching due to AI security concerns – here’s what you need to know
The tech giant issued an unexpected round of updates as AI speeds up patching velocity
Apple has dropped an unexpected out-of-band patch, and it's apparently because of concerns that AI is helping hackers exploit vulnerabilities at lightning speed.
The tech giant released iOS 25.6.2 yesterday, with fixes for iOS and iPadOS, despite normally bundling such security patches into wider updates. Apple hasn't said when its next major update, iOS 26.6, is set to be released, but it's widely expected in the next few weeks ahead of iOS 27 in the autumn.
Apple told Reuters that the extra security update was down to concerns about AI shortening the time between a flaw being spotted and exploited by hackers.
The company said that shorter timelines from flaw to exploit meant it needed to respond by cutting the time between when updates are announced and released.
That shouldn't be taken as a suggestion that Apple was seeing any evidence that hackers were already making use of any of the flaws included in the update, the company noted.
ITPro approached Apple for confirmation of the changes made to its security patching policy, but did not receive a response by the time of publication.
Apple responds to accelerating threats
The move comes in response to wider concerns that AI is helping hackers find flaws more easily and turn them into exploits more quickly. Indeed, this has been a recurring talking point since the release of powerful new frontier models such as Anthropic’s Claude Mythos range.
Last month, Google said it had spotted cyber criminals using AI to build a working zero-day exploit, with John Hultquist, chief analyst at GTIG, warning that an “AI vulnerability race is imminent”.
That echoes a warning earlier this year from Daniel dos Santos, VP of research at Forescout, who told ITPro that enterprises should brace themselves for an explosion of vulnerabilities thanks to AI, further adding to the workload of security teams.
Jake Moore, Global Cybersecurity Advisor at ESET, told ITPro that while the “jury is still out” on how powerful tools such as Mythos are, AI advances do mean that security teams and threat actors alike are scrambling to find software vulnerabilities.
"Whenever a new issue is discovered, there's a race to patch flaws before they can be exploited – and if users or security teams hold off on installing updates, it's a gift to threat actors," he said.
Moore added that increasing numbers of patches mean the process needs to be automated as much as possible to avoid update fatigue for both end users and security practitioners.
"In the age of automated vulnerability discovery, we're past the point of expecting users and security teams in organisations to manually patch everything," he commented.
"Updates should be automated wherever possible to reduce the burden on users while making sure patches are applied rapidly."
Apple iOS 26.5.2
The security fixes released by Apple were previously revealed via a beta of the update, as is Apple's usual procedure, and addressed more than 30 vulnerabilities across iOS and iPadOS.
Those include kernel vulnerabilities that could corrupt memory and trigger system shutdown, and a stack of WebKit issues, including one that could leak sensitive data after visiting a website.
Three WebKit flaws were spotted by OpenAI's Codex Security, while another was spotted by a pair of AI researchers using Claude Anthropic.
The update should have already landed on devices, and is supported on these devices:
- iPhone 11 and later
- iPad Pro 12.9 inch, 3rd generation and later
- iPad Pro 11 inch, 1st generation and later
- iPad Air 3rd generation and later
- iPad 8th generation and later
- iPad mini 5th generation and later
Freelance journalist Nicole Kobie first started writing for ITPro in 2007, with bylines in New Scientist, Wired, PC Pro and many more.
Nicole is the author of a book about the history of technology, The Long History of the Future.
