Apple has released three minor maintenance updates focused entirely on security. iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2 don't introduce any new features, but they do patch security vulnerabilities and should be installed promptly. This is one of the last updates before the next major generation arrives this fall.
Apple today released iOS 26.5.2 and iPadOS 26.5.2 for iPhone and iPad, along with macOS Tahoe 26.5.2 for Mac. All three are minor updates to the systems launched last year and share identical release notes: the focus is solely on security fixes. This update follows iOS 26.5.1, released about a month ago, which addressed a charging issue on the iPhone Air and iPhone 17 series – this time, however, the focus is on all compatible devices.
What's included in the updates
The updates themselves are deliberately minimal in terms of content. According to Apple's official release notes, they provide security fixes for iPhone, iPad, and Mac; no new features are included. For details, Apple refers users to its central security page. Apple has since released the initially unpublished list of vulnerabilities addressed – and it is considerably more extensive than the brief release notes suggest.
Since Apple's release notes don't typically list every single change, it's possible that minor bug fixes are included alongside the security fixes. However, at its core, it remains a maintenance update – and that's precisely the purpose of a point update ending in .2.
Which gaps do the updates close?
The subsequently released documentation lists 37 individual vulnerabilities, each with its own CVE number. Remarkably, iPhone, iPad, and Mac receive exactly the same set of fixes: the security content of iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2 is identical.
By far the largest portion of the fixes concerns WebKit, the browser engine behind Safari: 26 of the 37 entries relate to WebKit, including its Canvas and Storage components. In addition, there are four fixes for WebRTC, two each for the libxslt library, and one for web extensions – including web-related components. More system-level fixes include three kernel fixes and one for the IOGPUFamily graphics driver.
The vulnerabilities most revolve around manipulated web content that could lead to crashes, memory corruption, or the leakage of sensitive data during processing; several would have allowed attackers to read data across website boundaries or escape the sandbox. A vivid example is a vulnerability in WebKit memory that would have allowed a specially crafted website to silently steal content from the clipboard. The kernel fixes, in turn, prevented apps from triggering unexpected system crashes or manipulating kernel memory.
Apple makes no mention of any prior active exploitation for any of the vulnerabilities – so the update is not an urgent emergency. However, since the technical details are now public, prompt installation is still recommended. Also noteworthy is the growing role of AI-powered security research: several of the reported vulnerabilities originate from teams that use AI models to specifically search for flaws, including researchers from Anthropic, OpenAI, and Nvidia. The Safari security update in the spring already documented the first concrete result of this collaboration.
Here's how to download the updates
On iPhone and iPad, the update can be installed via Settings under "General" and then "Software Update." On a Mac, it's accessed via System Preferences under "Software Update." Since this update contains security-related fixes, prompt installation is recommended - however, if you prefer, you can wait a day or two after a major release to avoid the initial wave of updates.
Positioning within Apple's update cycle
Between major system releases, Apple regularly releases point updates ending in .1 or .2. These updates don't introduce new features but instead fix bugs, improve stability, and close security vulnerabilities discovered after the main release. iOS 26.5.2 fits seamlessly into this pattern and is correspondingly unremarkable. The underlying iOS 26 launched in September with new features like RCS encryption – since then, Apple has primarily maintained the series through these maintenance updates.
iOS 26 is entering its final phase
With iOS 26.5.2, the current generation is nearing its end. Apple is already testing iOS 26.6, which so far shows only minimal visible changes – meaning at least one more update is expected before autumn. However, the main focus is clearly on iOS 27, which Apple has already made available to developers; a public beta is expected in July, with the final release in autumn. Until then, updates like this one ensure that the running system remains secure and stable in the background. (Image: Apfelpatient)
- iOS 26.6 Beta 3: Apple nears completion
- WhatsApp: Usernames can now be reserved
- Apple acquires the award-winning design tool Play
- Indian antitrust case: Apple accuses the authority of plagiarism
- Apple and Chinese storage: Approval is likely to be difficult
- Apple is seeking approval for Chinese storage devices
- The US partially releases Claude Mythos 5
- Data leak at Tata: Apple and suppliers react
- OpenAI poachs Apple's Vision Pro and glasses chief
- Storage crisis: Apple is also said to be partly responsible
- Apple is heading towards record market shares in 2026
- Apple hints at further price increases
- Apple is raising prices: Macs, iPads and more are getting more expensive
- Siri AI should clearly reject URL summaries
- Stolen iPhone: Apple tightens its recommendations




