Darksword/WebKit/Safari exploit cluster & Mythos macOS bypass
Key Questions
What security issues are covered in the Darksword/WebKit/Safari exploit cluster?
The cluster includes an active WebKit exploit targeting legacy iPhone 7 and newer devices, plus CISA alerts on Coruna and DarkSword exploit kits affecting 220-270 million unpatched systems. It also involves a new wormable zero-click RCE in the AirPlay protocol known as Airborne.
How does Anthropic's Mythos AI impact macOS security?
Mythos discovered a macOS root exploit with post-patch persistence capabilities. This research highlights ongoing risks even after official updates are applied.
What iOS updates address the recent vulnerabilities?
Apple released iOS 26.4.2 and 26.5, fixing 39 to over 60 flaws including a dyld zero-day and broader logging issues. These updates also resolve notification privacy problems.
What is the Airborne vulnerability in AirPlay?
Airborne is a wormable zero-click remote code execution flaw in Apple's AirPlay Protocol and SDK, discovered by Oligo Security Research. It poses significant risks for device-to-device spread without user interaction.
What risks are associated with Apple Intelligence prompt injection?
Academic research from 2025-2026 shows prompt injection attacks can manipulate ranking systems and lead to data leaks or unauthorized actions. This raises concerns about AI-driven features exposing user information.
Which older devices remain vulnerable to active exploits?
Unsupported models like the iPhone 7 and earlier are under active attack via WebKit flaws, with Russian and Chinese operators using Coruna and DarkSword kits. Millions of devices running outdated iOS versions are exposed.
How many security flaws were patched in recent Apple updates?
Recent releases addressed dozens of issues, including 39 flaws in iOS 26.3 and roughly 60 in iOS 26.5, plus macOS Archive Utility bugs like CVE-2026-28910. None of the patched flaws in some updates were known to be actively exploited at release.
What is the current status of these Apple security threats?
The issues are described as climaxing, with ongoing active exploitation, federal alerts, and rapid discovery of new flaws by AI tools like Mythos. Adoption lag continues to expose over 1.6 billion devices worldwide.
Anthropic Mythos AI macOS root with post-patch persistence; new WebKit active exploit on legacy iPhone 7+; iOS patches for 39+60+flaws incl. dyld zero-day. New wormable zero-click RCE in AirPlay. CISA alerts on Coruna/DarkSword for 220-270M unpatched. Added: Apple Intelligence prompt injection research raising data leak/manipulation risks. Climaxing.