Apple has released a comprehensive security update, iOS 26.1 and iPadOS 26.1, which addresses numerous vulnerabilities in various system components. This is the first major update since the initial release of iOS 26 in September. The other platforms—macOS, tvOS, watchOS, and visionOS—have also received corresponding security updates. The full release notes for iOS 26.1 list over 50 fixed security vulnerabilities, some of which had serious implications for privacy, device security, and app access permissions.
iOS 26.1 significantly improves security. Among other things, the update closes vulnerabilities that allowed unauthorized apps to take screenshots, escape their sandbox, or access sensitive user data. WebKit—the engine behind Safari—was also affected multiple times. Some flaws allowed keystrokes to be intercepted or website content to be manipulated. In addition to the iPhone, the iPad also receives these improvements.
Security vulnerabilities in Apple services and core functions
The update addresses, among other things, a problem with Apple accounts that allowed malicious apps to take screenshots of sensitive information. Access to temporary files in Photos has been restricted to prevent the reading of sensitive content. A bug in the Camera app that allowed information about the current view to be captured before actual access has also been fixed.
A flaw in the "Find My" function would have allowed fingerprint scanning. Similar privacy issues were also found and fixed in email drafts, the status bar, Siri, notes, and the device's built-in intelligence.
WebKit and Safari in focus
WebKit was affected by a number of vulnerabilities. Some of these enabled cross-site tracking, while others allowed the browser to crash when accessing manipulated content. Several problems were resolved through improved memory management and additional checks. One specific bug allowed apps to monitor keystrokes without consent. Safari's address bar was also vulnerable to spoofing attacks—forged URLs could create a false impression of the actual website.
Increased device security through kernel and system updates
In several cases, apps were able to access system functions directly or indirectly, for example through insufficiently protected permissions, faulty validations, or memory management issues. These vulnerabilities include those in the kernel, Apple Neural Engine, FileProvider, CoreServices, Installer, libxpc, and the sandbox system. One specific flaw allowed an attacker to disable anti-theft protection—this was also fixed in iOS 26.1.
A vulnerability in the control center allowed users to view content from the lock screen that should have been protected. In several cases, installed apps could be accessed, and sensitive data such as contacts, location information, or email content could be captured.
Other affected areas
Less obvious system areas were also updated. These include multi-touch, MallocStackLogging, CoreText, CloudKit, AppleMobileFileIntegrity, Model I/O, the Apple TV Remote, audio logging, text input, and WebKit Canvas. Some attacks required physical access to the device, while others could be exploited simply by installing a malicious app. The vulnerabilities ranged from sandbox breaches and privilege escalation to memory errors that could crash processes. The update can be installed directly via Settings > General > Software Update.
- iOS 26.1 now available: What's in the new update
- iPhone update search failed? How to solve the problem
iOS 26.1 & Co.: Mandatory update due to critical vulnerabilities
iOS 26.1 fixes a large number of security issues and is therefore a highly recommended update for all supported devices. The vulnerabilities affect almost all core services and functions of the operating system – from Safari and Camera to Contacts, Email, and WebKit, right down to the system kernel itself. Apple has published the complete list of all fixed security vulnerabilities in the official release notes. Anyone who wants to keep their device up to date should install iOS 26.1 and subsequent updates as soon as possible. (Image: Shutterstock / Pingz)
- New intro for Apple TV: Finneas reveals details
- Apple launches App Store for the web
- Apple TV shows new intro with music by FINNEAS
- Apple launches creative Christmas project in London
- Apple confirms: No new Macs planned for 2025
- Apple stock: Wedbush raises price target to $320
- Apple stock: TD Cowen significantly raises price target to $325
- Apple stock: Evercore raises price target to $300
- Apple stock: JP Morgan raises price target to $305
- No chat monitoring: EU foregoes chat surveillance
- Apple in leak dispute: New details about Prosser and Ramacciotti
- WhatsApp is testing its own app for the Apple Watch
- Apple Q4 2025 Overview – Facts from the Conference Call
- Apple experiences sales boom: iPhone 17 exceeds expectations
- Apple struggles with tariffs: Billions in costs in the Christmas quarter
- Apple confirms: Redesigned Siri will be released in 2026
- Apple aims for record sales during the Christmas season
- Apple Q4 2025: Record revenue and strong profit growth
- China and the USA: No real peace in the trade dispute
- Bank of America raises price target for Apple to $320
