
Apple Adopts Frequent Security Updates and New Vulnerability Tools Reported by SANS
On July 6, 2026, the SANS Internet Storm Center’s Stormcast reported Apple’s shift to more frequent, incremental security updates instead of bundling patches with major OS releases. The recent updates (iOS, macOS 26.5, and Safari) focused on WebKit vulnerabilities, reflecting a new strategy to release fixes from beta versions (e.g., 26.6) ahead of schedule. A tool called Tempest was introduced, designed to integrate with existing AI coding agents (e.g., Claude or local models) to identify and exploit vulnerabilities without requiring new tokens. RunZero disclosed seven critical flaws in the FAT FS open-source file system implementation, many enabling arbitrary code execution, particularly risky for IoT devices mounting SD cards or USB media. OpenWRT released version 25.12.5, patching privilege escalation and DHCP-related vulnerabilities, though none allowed unauthenticated device takeover. The update also addressed SCP issues, reinforcing the need to secure admin interfaces via VPNs rather than exposing them to the internet.