{"id":60481,"date":"2025-11-04T01:58:20","date_gmt":"2025-11-04T00:58:20","guid":{"rendered":"https:\/\/www.apfelpatient.de\/?p=60481"},"modified":"2025-11-04T02:04:34","modified_gmt":"2025-11-04T01:04:34","slug":"ios-26-1-closes-over-50-dangerous-security-gaps","status":"publish","type":"post","link":"https:\/\/www.apfelpatient.de\/en\/news\/ios-26-1-schliesst-ueber-50-gefaehrliche-sicherheitsluecken","title":{"rendered":"iOS 26.1 closes over 50 dangerous security vulnerabilities."},"content":{"rendered":"

Apple has released a comprehensive security update, iOS 26.1 and iPadOS 26.1, which addresses numerous vulnerabilities in various system components. This is the first major update since the initial release of iOS 26 in September. The other platforms\u2014macOS, tvOS, watchOS, and visionOS\u2014have also received corresponding security updates. The full release notes for iOS 26.1 list over 50 fixed security vulnerabilities, some of which had serious implications for privacy, device security, and app access permissions.<\/strong><\/p>\n\n\n\n

iOS 26.1 significantly improves security. Among other things, the update closes vulnerabilities that allowed unauthorized apps to take screenshots, escape their sandbox, or access sensitive user data. WebKit\u2014the engine behind Safari\u2014was also affected multiple times. Some flaws allowed keystrokes to be intercepted or website content to be manipulated. In addition to the iPhone, the iPad also receives these improvements.<\/p>\n\n\n\n

Security vulnerabilities in Apple services and core functions<\/h4>\n\n\n\n

The update addresses, among other things, a problem with Apple accounts that allowed malicious apps to take screenshots of sensitive information. Access to temporary files in Photos has been restricted to prevent the reading of sensitive content. A bug in the Camera app that allowed information about the current view to be captured before actual access has also been fixed.<\/p>\n\n\n\n

A flaw in the "Find My" function would have allowed fingerprint scanning. Similar privacy issues were also found and fixed in email drafts, the status bar, Siri, notes, and the device's built-in intelligence.<\/p>\n\n\n\n

WebKit and Safari in focus<\/h4>\n\n\n\n

WebKit was affected by a number of vulnerabilities. Some of these enabled cross-site tracking, while others allowed the browser to crash when accessing manipulated content. Several problems were resolved through improved memory management and additional checks. One specific bug allowed apps to monitor keystrokes without consent. Safari's address bar was also vulnerable to spoofing attacks\u2014forged URLs could create a false impression of the actual website.<\/p>\n\n\n\n

Increased device security through kernel and system updates<\/h4>\n\n\n\n

In several cases, apps were able to access system functions directly or indirectly, for example through insufficiently protected permissions, faulty validations, or memory management issues. These vulnerabilities include those in the kernel, Apple Neural Engine, FileProvider, CoreServices, Installer, libxpc, and the sandbox system. One specific flaw allowed an attacker to disable anti-theft protection\u2014this was also fixed in iOS 26.1.<\/p>\n\n\n\n

A vulnerability in the control center allowed users to view content from the lock screen that should have been protected. In several cases, installed apps could be accessed, and sensitive data such as contacts, location information, or email content could be captured.<\/p>\n\n\n\n

Other affected areas<\/h4>\n\n\n\n

Less obvious system areas were also updated. These include multi-touch, MallocStackLogging, CoreText, CloudKit, AppleMobileFileIntegrity, Model I\/O, the Apple TV Remote, audio logging, text input, and WebKit Canvas. Some attacks required physical access to the device, while others could be exploited simply by installing a malicious app. The vulnerabilities ranged from sandbox breaches and privilege escalation to memory errors that could crash processes. The update can be installed directly via Settings > General > Software Update.<\/p>\n\n\n\n