Update Now: iOS 26.2 Fixes 20+ Security Vulnerabilities - MacRumors
Skip to Content

Update Now: iOS 26.2 Fixes 20+ Security Vulnerabilities

by

Apple today released iOS 26.2, iPadOS 26.2, and macOS 26.2, all of which introduce new features, bug fixes, and security improvements. Apple says that the updates address over 20 vulnerabilities, including two bugs that are known to have been actively exploited.

bug security vulnerability issue fix larry
There are a pair of WebKit vulnerabilities that could allow maliciously crafted web content to execute code or cause memory corruption. Apple says that the bugs might have been exploited in an attack against targeted individuals on versions of iOS before iOS 26.

Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26.

Processing maliciously crafted web content may lead to memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26.

One of the WebKit bugs was fixed with improved memory management, while the other was addressed with improved validation.

There are several other vulnerabilities that were fixed too, across apps and services. An App Store bug could allow users to access sensitive payment tokens, processing a malicious image file could lead to memory corruption, photos in the Hidden Album could be viewed without authentication, and passwords could be unintentionally removed when remotely controlling a device with FaceTime.

Now that these vulnerabilities have been publicized by Apple, even those that were not exploited before might be taken advantage of now. Apple recommends all users update their devices to iOS 26.2, iPadOS 26.2, and macOS Tahoe 26.2 as soon as possible.

Related Roundups: iOS 26, iPadOS 26
Related Forum: iOS 26

Popular Stories

iOS 26

Here's What's New in iOS 26.5 So Far

Tuesday April 21, 2026 1:30 pm PDT by
iOS 26.5 has been in beta since late March, with a third beta released this week. The update is relatively minor so far, which is not too surprising given that Apple is starting to shift its focus towards iOS 27. Apple will unveil iOS 27 during its WWDC 2026 keynote on June 8, and the update should be released in September. iOS 26.5 lays the groundwork for two changes, including end-to-end...
Read Full Article46 comments
iOS 26

Apple Seeds Second iOS 26.5 and iPadOS 26.5 Betas to Developers

Monday April 13, 2026 10:08 am PDT by
Apple today seeded the second betas of upcoming iOS 26.5 and iPadOS 26.5 updates to developers for testing purposes, with the software coming two weeks after Apple released updated first betas. Registered developers can download the betas from the Settings app on the iPhone or iPad by going to the General section and selecting Software Update. iOS 26.5 and iPadOS 26.5 do not include new...
Read Full Article28 comments
iOS 26

iOS 26.4.1 Update for iPhones is Coming Soon

Monday April 6, 2026 10:30 am PDT by
Apple's software engineers are testing iOS 26.4.1, according to the MacRumors visitor logs, which have been a reliable indicator of upcoming iOS versions. iOS 26.4.1 should be a minor update that fixes bugs and/or security vulnerabilities, and it will likely be released either this week or next week. Last month, Apple launched the Studio Display XDR, and it promised to release a Medical...
Read Full Article37 comments

Top Rated Comments

turbineseaplane Avatar
turbineseaplane
21 weeks ago
This is so predictable ..

Better not stay behind ... we just found a very scary vulnerability (amazing timing!).. so scary, we won't fix it anywhere else .. you have to come get it on FisherPriceOS 26.2
Score: 31 Votes (Like | Disagree)
HouseLannister Avatar
HouseLannister
21 weeks ago

Every OS upgrade regardless of platform does this, or not?
Android is so componentized that individual parts of the OS are patched daily. The OS is updated quarterly just like Apple, but those are feature updates and not security patches. Meanwhile Apple delays releasing security fixes for weeks that are being actively exploited because they are also trying to make a transparency slider for the clock and can't do those two things separately. In the last 24 hours, my Pixel has updated the Phone app, the Google app, Google Drive, Google Translate, Voice Access, Android AICore, Google Messages, Gboard, Pixel Camera, and Google Wallet. And that's a pretty typical day. The security is outstanding on Android because of how they structured their OS and the flexibility it gives them.
Score: 21 Votes (Like | Disagree)
Diopter Avatar
Diopter
21 weeks ago
And some of the security fixes were included in 18.7.3 too...

But so far 18.7.3 hasn't been released for iPhones that are capable of upgrading to iOS 26, even if they're still on 18.7.2. It's currently only available to devices that can't upgrade to iOS 26.

I hope that's a temporary error and not a deliberate move by Apple to force users to update to iOS 26.
Score: 15 Votes (Like | Disagree)
jz0309 Avatar
jz0309
21 weeks ago
THAT is why I update, not for the features that have been described so many times here.
But that's just me
Score: 15 Votes (Like | Disagree)
B
Biro
21 weeks ago
“Even with our annoying alerts, you people won’t “upgrade” to our buggy and unattractive iOS/iPadOS/MacOS 26! So we’ve found some security vulnerabilities that will end your life if you don’t “upgrade” right now. So everybody in the pool!”

Jeez, I predicted this a number of times since 26 came out. The same as it ever was. So what’s worse… the security vulnerabilities or the bugs still in 26? 🤣🤣🤣

EDIT: Apple’s notes read thusly… “Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26.”

Okay… then where is the 18.7.3 update? The only way to protect ourselves is to go with 26.2? Give me a break.
Score: 12 Votes (Like | Disagree)
J
jgba
21 weeks ago
In other words, if you're still on Sequoia, switch to another browser (Firefox is good). Stop using Safari.

Because, guess what: even though they updated Sequoia today, it does not include fixes for these "actively exploited" vulnerabilities, according to Apple's "security content" notes. Gee, thanks.

edit: I didn't see Safari 26.2 for Sequoia listed in the security content list, so maybe I missed it, but it's now there and lists these fixes, so please disregard this post.
Score: 12 Votes (Like | Disagree)
Read All Comments