Vetted by NeuralPress's Multi-Agent Verifier for strict factual validity and event relevance. Our compliance engine cross-checks and filters search results to ensure zero false correlations or misleading content.
Security Fix Distribution
Classification of patches included in Safari 26.5
Primary Sources
WebKit Features for Safari 26.5
Safari 26.5 is here, delivering the :open pseudo-class, the element-scoped keyword for random(), color-interpolation for SVG gradients, the ToggleEvent.source property for popovers, and the Origin API. Alongside new features, this release continues our ongoing efforts to greatly improve the quality of WebKit. There are 63 bug fixes in total — making this the biggest May release of WebKit yet. The improvements span SVG, WebRTC, networking, editing, and more. Scroll-driven animations and Anchor Positioning both get multiple fixes. Rendering at different zoom levels works better. And work continues improving the handling layout whenever a block-level element lives inside an inline element. CSS The :open pseudo-class The new :open pseudo-class in CSS provides a clean way to style the open state of elements like , , , and . Previously, you might have used the [open] attribute selector for and . It works on those elements, but doesn’t work on or . Plus, it’s an attribute selector doing the job better handled by a pseudo-class. Now :open provides a single, consistent pattern that works across all of these element types. For , it now matches when the dialog is showing — whether opened with showModal() or show(). And for , it applies when an associated picker is displayed, like a date or color picker. For , :open matches when the drop-down is expanded. select:open { border: 1px solid skyblue; } This is a practical improvement to everyday CSS. The progressive enhancement is straightforward — browsers that don’t yet support :open simply won’t apply those rules, and the underlying elements still function normally. Improvements to CSS random() We were proud to be the first browser to ship the new CSS random() function last December, in Safari 26.2. Since then, the CSS Working Group adjusted how named random values work. Using a named value in the syntax, like random(--size, 100px, 200px), now creates a global result, instead of something scoped to each individual element. Safari 26.5 implements these changes, including a new element-scoped keyword for when you need per-element behavior. For example, imagine you have eight instances of and apply the following CSS. .box { width: random(100px, 200px); height: random(100px, 200px); border: 2px solid black; } You get eight completely differently sized rectangles. This is because each time the random function is used, it generates a brand new number, in this case between 100px and 200px. This is how random() has worked...
iOS 26.5 Update: Apple Fixes Over 50 Security Flaws (2026)
It seems like just yesterday we were all buzzing about the latest features, and now Apple is back with another update, this time for iOS 26.5 and iPadOS 26.5. While the headline might scream "over 50 security flaws patched," I think it's more nuanced than just a number. What makes this particularly fascinating to me is the sheer volume of these patches, suggesting a constant, almost relentless cat-and-mouse game between Apple's security teams and those looking to exploit vulnerabilities. A Deeper Dive into the Patch Notes Personally, I find it intriguing that Apple's security support document, while detailing the fixes, also inadvertently provides a roadmap for potential attackers. Even without actively exploited bugs being reported, knowing where the vulnerabilities lie—be it in image handling, the kernel, or specific apps like Shortcuts and Spotlight—is invaluable intel for anyone with malicious intent. This is why I always stress the importance of updating promptly. It’s not just about getting the latest bells and whistles; it’s about closing those digital doors before someone else does. The mention of ten WebKit vulnerabilities that could lead to data exposure or crashes really catches my eye. WebKit is the engine that powers Safari and many other apps that display web content. A flaw here is like a crack in the foundation of your digital house, potentially exposing a lot more than just a single room. What this implies is that even seemingly innocuous browsing or app usage could have been a risk. Beyond the Latest and Greatest What I find especially interesting is the parallel release of older iOS and iPadOS versions (like iOS 18.7.9 and iOS 16.7.16) getting their own security fortifications. This isn't just about the bleeding edge; it’s a testament to Apple's commitment to a broad user base, including those who might be on older devices or have specific reasons for not upgrading to the very latest OS. It reminds us that security isn't a one-size-fits-all solution and requires ongoing attention across the entire ecosystem. Similarly, the macOS Tahoe 26.5 update, with its nearly 70 security fixes, reinforces the idea that a robust security posture is a multi-platform effort. It’s easy to focus on the iPhone, but our Macs are just as, if not more, susceptible to threats. This extensive patching across both mobile and desktop operating systems highlights the pervasive nature of cybersecurity challenges in today's interconnected world. The Bigger Pi...
macOS 26.5, iOS 26.5 and Co.: Apple patches numerous security ...
WebKit bugs are fixed by a new version of Safari. tvOS 26.5, watchOS 26.5, and visionOS 26.5, as usual, include the bug fixes from the other variants, provided the affected routines are present on ...
Why You Should Update: The iOS 26.5 Update Plugs Over 50 Security Holes ...
The iOS 26.5 and iPadOS 26.5 updates Apple released on Monday fixes over 50 security vulnerabilities, while nearly 70 security updates are included in macOS Tahoe 26.5.
