Apple Releases Security Update Addressing Multiple Vulnerabilities in iOS 26 and iPadOS 26

Apple has released a comprehensive security update for iOS 26 and iPadOS 26, addressing 27 vulnerabilities across multiple system components.

The update was released on September 15, 2025, targeting devices including iPhone 11 and later models, along with various iPad generations from iPad Pro 12.9-inch 3rd generation onwards.

Critical System Components Receive Security Patches

The security patches span 23 different system components, with WebKit receiving particular attention due to multiple vulnerabilities that could lead to Safari crashes and unexpected process termination.

The Apple Neural Engine, which powers machine learning capabilities across Apple devices, also received fixes for an out-of-bounds access issue that could cause system crashes.

Several core system components required security improvements, including the Kernel, IOKit, and Sandbox systems.

The Kernel update addresses a logic issue where UDP server sockets bound to local interfaces could become accessible to all interfaces, potentially exposing network communications.
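The property this Kernel fix restores, that a UDP socket bound to one local address is reachable only through that address, can be checked from user space. The following is an added example, not code from Apple or from the original article; the function name `reachable_addresses` is hypothetical, and the second probe address `127.0.0.2` assumes a host (such as Linux) where the whole 127.0.0.0/8 range is local.

```python
import socket

def reachable_addresses(bind_addr, candidates, timeout=0.3):
    """Bind a UDP server to bind_addr and return the candidate destination
    addresses through which a local probe actually reaches it."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        server.bind((bind_addr, 0))        # port 0: the kernel picks a free port
        server.settimeout(timeout)
        port = server.getsockname()[1]
        reached = []
        for dest in candidates:
            token = ("probe:" + dest).encode()   # unique payload per destination
            try:
                client.sendto(token, (dest, port))
            except OSError:
                continue                   # address not configured on this host
            try:
                while True:                # skip any stale datagram, wait for ours
                    data, _ = server.recvfrom(64)
                    if data == token:
                        reached.append(dest)
                        break
            except OSError:                # includes the receive timeout
                pass                       # nothing arrived via this address
        return reached
    finally:
        server.close()
        client.close()

if __name__ == "__main__":
    # Constructed probe list: the bound address plus one other local address
    # (127.0.0.2 is an assumption that holds on Linux loopback).
    candidates = ["127.0.0.1", "127.0.0.2"]
    # Expected on a correct stack: only the bound address is listed.
    print("bound to 127.0.0.1:", reachable_addresses("127.0.0.1", candidates))
    # A wildcard bind is the contrast case: every local address reaches it.
    print("bound to 0.0.0.0  :", reachable_addresses("0.0.0.0", candidates))
```

If the first result ever lists an address other than the one the server was bound to, the socket is exposed more widely than the bind call requested.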

The Sandbox component received fixes for permissions issues that could allow applications to break out of their security restrictions.

Media Processing and Privacy Vulnerabilities Addressed

Media processing components CoreAudio and CoreMedia both received patches for vulnerabilities that could lead to app termination or memory corruption when processing maliciously crafted files.

The Audio component similarly addresses out-of-bounds access issues through improved bounds checking mechanisms.

Multiple vulnerabilities related to sensitive data access have been resolved across various system services.

AppleMobileFileIntegrity received fixes to prevent unauthorized access to user data, while Bluetooth components now feature improved data redaction to protect sensitive information from unauthorized access.

The Text Input system received critical updates to prevent keyboard suggestions from displaying sensitive information on lock screens.

Additionally, Siri improvements ensure Private Browsing tabs cannot be accessed without proper authentication, strengthening user privacy protections during voice interactions.

WebKit components received multiple security patches addressing various crash scenarios and unauthorized access issues.

These fixes prevent maliciously crafted web content from causing Safari crashes, unexpected process termination, and unauthorized sensor access without user consent.

The WebKit Process Model specifically addresses a use-after-free vulnerability that could lead to Safari crashes when processing malicious web content.

These browser security enhancements are particularly significant given the widespread use of Safari across Apple’s ecosystem and the potential for web-based attacks targeting mobile users.

| CVE-ID | Component | Impact | CVSS 3.1 | Exploit Prerequisites |
|---|---|---|---|---|
| CVE-2025-43344 | Apple Neural Engine | Unexpected system termination via OOB access | TBD | Malicious content processing |
| CVE-2025-43317 | AppleMobileFileIntegrity | Unauthorized access to sensitive user data | TBD | Local access required |
| CVE-2025-43346 | Audio | App termination or memory corruption via media | TBD | Maliciously crafted media files |
| CVE-2025-31254 | Safari | Unexpected URL redirection from crafted content | TBD | Malicious web content |
| CVE-2025-43329 | Sandbox | App escape from sandbox restrictions | TBD | Malicious application |
| CVE-2025-43203 | Notes | Physical-access attacker may view locked images | TBD | Physical device access |
| CVE-2025-43368 | WebKit Process Model | Safari crash via use-after-free in web content | TBD | Malicious web content |

Apple continues its practice of crediting security researchers who responsibly disclosed these vulnerabilities, with contributions from researchers at Trend Micro Zero Day Initiative, Kandji, and various independent security professionals.

Users are strongly encouraged to install this security update immediately to protect against potential exploitation of these vulnerabilities.

AnuPriya
AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.
