With iOS 26.2, Apple has released a major security update. Along with iPadOS 26.2 and macOS Tahoe 26.2, numerous bugs are fixed, including several security vulnerabilities. Particularly concerning is Apple's confirmation that at least two of these vulnerabilities have already been actively exploited. This update is therefore less of a routine maintenance update and more of a targeted response to actual attacks.
Apple regularly emphasizes the importance of security and privacy. iOS 26.2 clearly demonstrates why regular updates play a crucial role. In total, more than 20 security vulnerabilities are closed, distributed across various system areas, apps, and services. Some of these vulnerabilities affect fundamental system functions and could have serious consequences in a worst-case scenario. Older iOS versions prior to iOS 26 were apparently the primary targets of specific attacks.
Over 20 security vulnerabilities in iOS 26.2 have been closed
With iOS 26.2, Apple fixes over 20 known security vulnerabilities. These flaws affect, among other things, WebKit, the App Store, image processing, the Photos app, and system functions related to FaceTime. Apple released the updates simultaneously for iPhone, iPad, and Mac, indicating that the vulnerabilities were system-wide.
Two actively exploited WebKit vulnerabilities
Two security vulnerabilities in WebKit are of particular interest. WebKit is Apple's central browser engine and is used not only in Safari, but also in many other apps.
The first vulnerability allows maliciously crafted web content to execute arbitrary code. An attacker could theoretically gain control of the system using this. Apple states that this issue may have been exploited in a highly sophisticated attack targeting individuals using iOS versions prior to iOS 26.
The second WebKit vulnerability can lead to memory corruption when processing manipulated web content. Apple is also aware of a report that this vulnerability may have been part of a targeted attack against specific individuals using older iOS versions.
Apple fixed one of the WebKit bugs through improved memory management. The other bug was closed through improved validation of web content.
Other security-related flaws in apps and services
In addition to WebKit, iOS 26.2 closes other, sometimes critical, vulnerabilities:
- A flaw in the App Store could have allowed access to sensitive payment tokens. Under certain circumstances, this could have compromised payment information.
- The processing of specially prepared image files could lead to memory corruption, which represents a potential entry point for attacks.
- Photos in the hidden album could be viewed under certain conditions without prior authentication. This directly affects the privacy of the device.
- Additionally, passwords could be unintentionally deleted when a device was remotely controlled via FaceTime. This bug was also fixed in iOS 26.2.
Why Apple is now urgently recommending the update
Apple points out that after the public disclosure of security vulnerabilities, the risk increases that previously unused weaknesses will also be actively exploited. Once details are known, attackers can specifically search for unpatched devices.
For this reason, Apple strongly recommends that all users update their devices to iOS 26.2, iPadOS 26.2 and macOS Tahoe 26.2 as soon as possible.
iOS 26.2 closes actively exploited security vulnerabilities
iOS 26.2 is a critical security update that goes far beyond minor bug fixes. The closure of more than 20 security vulnerabilities, including two actively exploited WebKit flaws, underscores the seriousness of the situation. The update not only improves system stability but also closes specific attack vectors that have already been used in real-world scenarios. Apple device users can significantly enhance the protection of their systems with iOS 26.2. (Image: frenta / DepositPhotos.com)
- Apple in the crosshairs: Swiss researchers examine NFC access in the iPhone
- iOS 26.4, iOS 27 & iOS 28: Internal code reveals new features
- iOS 26.2 is here: A quick overview of all the important new features
- Apple wins lawsuit over commissions for external payment links
- Apple rolls out new firmware for AirPods Pro 3 and AirPods Pro 2
- OpenAI releases GPT-5.2 for ChatGPT: new top model
- Internal Apple code reveals upgrades for HomePod mini & AirTag
- Apple Code reveals progress on Siri and a possible HomePad
- Apple and other companies: US calls for stricter AI controls
- Pressure on Google: EU takes its cue from Apple's App Store
- Leak: Apple is preparing iPads with faster hardware for 2026
- Apple leak reveals Studio Display 2 with major upgrades
- Apple TV enhances its reputation with new AFI accolades
- Apple: Citi sees strong growth and raises price target
- Thanks to AI, the Apple Watch is becoming a tool for disease prediction
- Apple and Google simplify switching and support DMA, according to the EU
- Disney plans to expand its board of directors and is counting on Jeff Williams
- iPhone Fold: Analysts see a strong impact on the segment
- Apple Arcade announces fresh content for January 2026
- Google is focusing on AI-powered smart glasses and plans to launch them in 2026
- Netflix guarantees: Warner will continue producing for Apple TV
