Skip to Content

Update Now: iOS 26.2 Fixes 20+ Security Vulnerabilities

by

Apple today released iOS 26.2, iPadOS 26.2, and macOS 26.2, all of which introduce new features, bug fixes, and security improvements. Apple says that the updates address over 20 vulnerabilities, including two bugs that are known to have been actively exploited.

bug security vulnerability issue fix larry
There are a pair of WebKit vulnerabilities that could allow maliciously crafted web content to execute code or cause memory corruption. Apple says that the bugs might have been exploited in an attack against targeted individuals on versions of iOS before iOS 26.

Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26.

Processing maliciously crafted web content may lead to memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26.

One of the WebKit bugs was fixed with improved memory management, while the other was addressed with improved validation.

There are several other vulnerabilities that were fixed too, across apps and services. An App Store bug could allow users to access sensitive payment tokens, processing a malicious image file could lead to memory corruption, photos in the Hidden Album could be viewed without authentication, and passwords could be unintentionally removed when remotely controlling a device with FaceTime.

Now that these vulnerabilities have been publicized by Apple, even those that were not exploited before might be taken advantage of now. Apple recommends all users update their devices to iOS 26.2, iPadOS 26.2, and macOS Tahoe 26.2 as soon as possible.

Related Roundups: iOS 26, iPadOS 26
Related Forum: iOS 26

Popular Stories

Apple Event Logo

Apple Released Seven New Products Today

Wednesday March 11, 2026 7:05 am PDT by
Starting today, the seven new Apple products that were announced last week are available at Apple Stores and beginning to arrive to customers. The colorful MacBook Neo and all of the other new products are on display at most Apple Store locations around the world starting today. Apple Stores have inventory of the new products for both walk-in customers and Apple Store pickup, but...
Read Full Article22 comments
ios 26 4 yellow

Everything New in iOS 26.4 Beta 4

Monday March 9, 2026 3:50 pm PDT by
Apple is continuing to test the iOS 26.4 beta, and the latest update is now available for developers and public beta testers. As testing goes on, there are fewer new features in each beta, but today’s release adds new emoji characters and a few other changes. New Emoji Apple added new emoji characters, including trombone, treasure chest, distorted face, hairy creature, fight cloud, orca,...
Read Full Article71 comments
Apple MacBook Pro M4 hero

Apple Planning 'MacBook Ultra' With Touchscreen and Higher Price

Sunday March 8, 2026 8:05 am PDT by
Apple is planning to launch an all-new "MacBook Ultra" model this year, featuring an OLED display, touchscreen, and a higher price point, Bloomberg's Mark Gurman reports. Gurman revealed the information in his latest "Power On" newsletter. While Apple has been widely expected to launch new M6-series MacBook Pro models with OLED displays, touchscreen functionality, and a new, thinner design...
Read Full Article488 comments

Top Rated Comments

turbineseaplane Avatar
turbineseaplane
13 weeks ago
This is so predictable ..

Better not stay behind ... we just found a very scary vulnerability (amazing timing!).. so scary, we won't fix it anywhere else .. you have to come get it on FisherPriceOS 26.2
Score: 31 Votes (Like | Disagree)
HouseLannister Avatar
HouseLannister
13 weeks ago

Every OS upgrade regardless of platform does this, or not?
Android is so componentized that individual parts of the OS are patched daily. The OS is updated quarterly just like Apple, but those are feature updates and not security patches. Meanwhile Apple delays releasing security fixes for weeks that are being actively exploited because they are also trying to make a transparency slider for the clock and can't do those two things separately. In the last 24 hours, my Pixel has updated the Phone app, the Google app, Google Drive, Google Translate, Voice Access, Android AICore, Google Messages, Gboard, Pixel Camera, and Google Wallet. And that's a pretty typical day. The security is outstanding on Android because of how they structured their OS and the flexibility it gives them.
Score: 21 Votes (Like | Disagree)
jz0309 Avatar
jz0309
13 weeks ago
THAT is why I update, not for the features that have been described so many times here.
But that's just me
Score: 15 Votes (Like | Disagree)
Diopter Avatar
Diopter
13 weeks ago
And some of the security fixes were included in 18.7.3 too...

But so far 18.7.3 hasn't been released for iPhones that are capable of upgrading to iOS 26, even if they're still on 18.7.2. It's currently only available to devices that can't upgrade to iOS 26.

I hope that's a temporary error and not a deliberate move by Apple to force users to update to iOS 26.
Score: 15 Votes (Like | Disagree)
B
Biro
13 weeks ago
“Even with our annoying alerts, you people won’t “upgrade” to our buggy and unattractive iOS/iPadOS/MacOS 26! So we’ve found some security vulnerabilities that will end your life if you don’t “upgrade” right now. So everybody in the pool!”

Jeez, I predicted this a number of times since 26 came out. The same as it ever was. So what’s worse… the security vulnerabilities or the bugs still in 26? 🤣🤣🤣

EDIT: Apple’s notes read thusly… “Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26.”

Okay… then where is the 18.7.3 update? The only way to protect ourselves is to go with 26.2? Give me a break.
Score: 12 Votes (Like | Disagree)
J
jgba
13 weeks ago
In other words, if you're still on Sequoia, switch to another browser (Firefox is good). Stop using Safari.

Because, guess what: even though they updated Sequoia today, it does not include fixes for these "actively exploited" vulnerabilities, according to Apple's "security content" notes. Gee, thanks.

edit: I didn't see Safari 26.2 for Sequoia listed in the security content list, so maybe I missed it, but it's now there and lists these fixes, so please disregard this post.
Score: 12 Votes (Like | Disagree)
Read All Comments