Apple published new Mac security updates today, June 29, 2026: macOS Tahoe 26.5.2 for Macs already running macOS Tahoe, plus Safari 26.5.2 for Macs running macOS Sonoma or macOS Sequoia. Apple also lists both releases on its master Apple security releases page with a June 29, 2026 release date.
For Windows users, I also checked Microsoft’s official security and release-health sources tonight. As of this check, Microsoft’s Security Update Guide, Windows message center, and Windows 11 release information did not show a same-day Windows security update, emergency cumulative update, or out-of-band Windows KB for June 29. The meaningful same-day desktop update tonight is on the Apple Mac side.
What Apple Released Today
- macOS Tahoe 26.5.2: Apple says this release is available for macOS Tahoe and lists security fixes across IOGPUFamily, Kernel, libxslt, Web Extensions, WebKit, WebKit Canvas, WebKit Storage, and WebRTC.
- Safari 26.5.2: Apple says this release is available for macOS Sonoma and macOS Sequoia. It includes Web Extensions, WebKit, WebKit Canvas, WebKit Storage, and WebRTC fixes for Macs that are not on Tahoe.
- Published CVE coverage: Apple’s macOS Tahoe 26.5.2 advisory lists 37 CVE entries. Apple’s Safari 26.5.2 advisory lists 31 CVE entries. Those numbers matter because Safari/WebKit issues can affect everyday browsing, email links, web apps, and cloud dashboards.
Apple’s wording includes several plain-English impact statements worth paying attention to. The macOS Tahoe advisory includes kernel-related issues where an app may be able to cause unexpected system termination, write kernel memory, leak sensitive kernel state, or corrupt kernel memory. It also includes libxslt and WebKit-related issues involving maliciously crafted web content. The Safari advisory repeats many of the browser-side WebKit fixes for Sonoma and Sequoia users, including issues where processing malicious web content may disclose sensitive information, crash Safari, corrupt memory, or let a malicious website process restricted content outside the sandbox.
Who Should Install These Updates?
If you use a Mac for business, school, banking, email, remote access, QuickBooks, Microsoft 365, Google Workspace, website admin work, or customer files, this is not an update to ignore. You should treat it as a normal security patching priority, especially if the Mac is used to open links, browse vendor portals, handle attachments, or run line-of-business web apps.
- Install macOS Tahoe 26.5.2 on Macs already running macOS Tahoe.
- Install Safari 26.5.2 on Macs running macOS Sonoma or macOS Sequoia.
- Check managed Macs separately if your business uses MDM, Jamf, Intune, Mosyle, Kandji, Addigy, or another management platform. The update may be available, but your policy may delay installation.
- Do not assume Safari is patched just because Chrome or Edge is updated. Safari and WebKit are system components used across parts of macOS, and Apple’s Safari security advisory is separate from third-party browser updates.
Why This Matters in Plain English
Mac security updates often sound abstract because the advisories talk about memory corruption, cross-origin data handling, sandbox restrictions, and kernel state. For a normal business user, the practical concern is simpler: attackers look for bugs that can be triggered by apps, browser content, web extensions, documents, or websites. When Apple patches WebKit and Safari, the fix can affect risk from normal browsing behavior, not just unusual high-risk activity.
That does not mean every Mac is under active attack tonight, and Apple’s advisory does not say these particular CVEs are being actively exploited in the wild. It does mean Apple considered the issues important enough to publish security updates outside the normal “ignore it until later” rhythm. For business machines, the right move is controlled patching: back up, install, restart, test critical apps, then roll out to the rest of the fleet.
What To Do Before Updating
- Save open work first. macOS updates can require a restart, and browser sessions or unsaved app windows are easy to lose.
- Confirm backups are current. For personal Macs, check Time Machine or your backup product. For business Macs, confirm the machine is covered by your managed backup plan before updating.
- Leave the Mac plugged in. Do not start a macOS update on low battery, especially on a laptop used for work travel.
- Allow enough time. Safari-only updates are usually faster than full macOS updates, but macOS updates can still take a while depending on model, storage speed, and available free space.
- Make sure you know your login password. After a restart, Touch ID may not be enough. You may need the actual account password.
- Check free storage. If your Mac is almost full, update installation can fail or take much longer.
How To Check for the Update
On most modern Macs, go to System Settings > General > Software Update. If macOS Tahoe 26.5.2 or Safari 26.5.2 appears, install it when you can safely restart or close browser windows. If the Mac is business-managed, you may see a deadline, deferral notice, or policy-controlled prompt instead of a simple install button.
After the update, reopen Software Update and confirm there are no remaining macOS or Safari updates waiting. Then open Safari and any business-critical apps you rely on every day. Test the basics: email, printer access, VPN, accounting software, cloud storage sync, shared drives, browser-based point-of-sale dashboards, and any vendor sites your team uses to run the business.
Business Rollout Guidance
For a single home or office Mac, installing tonight or the next maintenance window is reasonable. For a business with multiple Macs, use a staged rollout so one bad app compatibility surprise does not interrupt the whole team at once.
- Patch a small pilot group first. Include one Mac that represents your normal setup: printers, VPN, shared drives, browser extensions, Microsoft 365, accounting tools, and any industry-specific apps.
- Verify browser-heavy workflows. Because Safari/WebKit is a major part of this update, test web portals, payment dashboards, webmail, document signing sites, and any internal web apps.
- Watch extensions. Apple’s advisories include Web Extensions. If your staff depends on password managers, receipt capture tools, security extensions, or vendor browser add-ons, verify those still behave normally.
- Schedule restarts instead of relying on users. A patch that is downloaded but not restarted into place does not give you the same protection as a completed update.
- Document exceptions. If a Mac cannot be updated because of a legacy app, mark it as an exception, reduce exposure, and create a plan to fix the blocker.
What Can Go Wrong?
Most Apple security updates install cleanly, but there are still a few practical failure points we see in the real world. A Mac may have too little free space. A user may postpone the restart indefinitely. A browser extension may need an update. A VPN or security product may require a new helper approval after a macOS update. A managed Mac may show the update later than an unmanaged Mac because the business uses update deferrals.
Those are normal IT issues, not reasons to avoid patching. The right answer is to update in a way that protects the machine and keeps the business working: backup first, test the important workflows, and keep a record of machines that have not finished the update.
When To Call The IT Guys
Call us if your Mac will not show the update, the update fails, the machine is stuck during installation, Safari behaves strangely after updating, your VPN or printer stops working, or you need a managed rollout plan for multiple Macs. We can also help confirm which machines are still on Tahoe, Sonoma, or Sequoia, and whether your business has old Macs that are falling behind on security support.
For businesses, the bigger win is not just installing this one update. It is having a repeatable patch routine: know what you own, know which machines are exposed, back them up, patch in waves, verify the result, and keep the exceptions visible until they are fixed.