TidBITS Security Editor Rich Mogull analyzes Anthropic’s announcements of Mythos, an AI model that’s startlingly good at finding security flaws in software, and Project Glasswing, which gives Apple and other tech giants early access to these capabilities so they can fix bugs before bad actors catch up. On the update front, Adam Engst reports that the quickly released OS 26.4.1 updates address the CloudKit syncing issues in iOS 26.4, and he reassures readers that a newly discovered macOS “49-day” networking bug—where TCP connections fail after extended uptime—likely won’t affect most people. Finally, we share a link to The Verge’s enthusiastic endorsement of vertical tabs, available at long last in Google Chrome. Notable Mac app releases this week include Audio Hijack 4.5.7, Bookends 15.3.2, and OmniFocus 4.8.9.
If iCloud syncing has been unreliable since you updated to iOS 26.4, relief has arrived. Although Apple’s release notes don’t mention it, developers confirm that iOS 26.4.1 and iPadOS 26.4.1 fix the CloudKit bug. Apple also released macOS 26.4.1 Tahoe, presumably to incorporate the same code changes.
Don’t panic about the newly discovered macOS bug that freezes TCP networking after 49 days of uptime. Between security updates, sleep cycles, and typical usage patterns, most Mac users will never encounter this edge-case failure.
AI is accelerating the discovery of security vulnerabilities, transforming the landscape of digital security. But Apple users are in a good spot, thanks to Apple’s focus on security and control over the entire ecosystem. TidBITS Security Editor Rich Mogull explains Anthropic’s Mythos and Project Glasswing.
Watchlist
Brings user interface updates to the full-featured audio recording app. ($64 new, free update, 27.7 MB, macOS 14.4+)
Reference management tool adds a new AppleScript command to sync a library. ($74.99 new, free update, 128.9 MB, macOS 11+)
Maintenance update with improvements and bug fixes for the task management app. ($74.99 new, free update, 40.4 MB, macOS 14+)
