Apple has released new iOS and iPadOS versions, both 26.2, addressing a broad set of security vulnerabilities across core system components, apps, and the Safari browser engine. The update is available for iPhone 11 and later, as well as supported iPad models, and is recommended for all users.
The release fixes issues that could have allowed malicious apps or specially crafted content to access sensitive user data, cause unexpected crashes, or in some cases gain elevated system privileges.
Several fixes focus on app permissions and privacy controls. Issues that could have allowed apps to access sensitive payment tokens, private user data, Safari browsing history, and installed app information without proper authorization were resolved.
FaceTime and calling-related components were also updated to prevent caller ID spoofing and to reduce the risk of password fields being unintentionally exposed during remote device control sessions.
At the system level, Apple patched a kernel vulnerability that could have allowed an app to gain root privileges. Additional fixes addressed memory corruption and logic flaws in components such as AppleJPEG, libarchive, Photos, and Multi-Touch.
WebKit Vulnerabilities Patched
A significant portion of the update targets WebKit, the browser engine used by Safari and other apps. Apple fixed multiple memory safety issues, including use-after-free bugs, buffer overflows, and race conditions that could lead to crashes or arbitrary code execution.
Also confirmed was that some WebKit vulnerabilities may have been exploited in highly targeted attacks against specific individuals on earlier versions of iOS, making this update particularly important.
Patches for vulnerabilities in open-source components within Apple’s ecosystem, such as curl and libarchive are also included.
Update Now
Users are advised to update their devices as soon as possible to reduce exposure to known vulnerabilities. You can update from your device’s Settings >> General >> Software Update section.
For the complete list of fixes and additional information, visit Apple’s official security advisory here.
Leave a Reply