Over 60 Security Fixes in iOS 26.5: The Big Picture
Apple’s iOS 26.5 security update delivers more than 60 security fixes, making it one of the most important recent iPhone security patches. The release focuses heavily on kernel security flaws, multiple WebKit vulnerability fixes, and an App Intents bug that could let malicious apps break out of their sandbox. Apple followed this with parallel updates for older devices, including iOS 18.7.9, iPadOS 17.7.11, iOS 16.7.16, and iOS 15.8.8, all carrying the same underlying protections. Security researchers note that the cluster of kernel, WebKit, and sandbox escape issues reflects how real-world attackers chain bugs to gain deep access to mobile devices. While Apple has not reported any of these vulnerabilities as currently exploited, the sheer scope and sensitivity of the components involved means delaying the iOS 26.5 security update leaves a wide attack surface open on everyday iPhones and iPads.
Why Kernel and WebKit Bugs Matter to Everyday Users
Among the six kernel-level flaws fixed in iOS 26.5, CVE-2026-28951 could allow a malicious app to gain root privileges, effectively giving it system-level control. Another kernel issue, CVE-2026-28943, was reported by Google’s Threat Analysis Group, which focuses on sophisticated, often state-backed threats. At the same time, around a dozen WebKit issues were addressed, including CVE-2026-28962, where simply interacting with crafted web content might expose sensitive data, and CVE-2026-28942, credited to Anthropic researchers working with the Claude AI system. Because WebKit powers Safari and most in‑app browsers, these WebKit vulnerability fixes protect nearly every way you browse the web on an Apple device. Combined with CVE-2026-28995 in App Intents—a sandbox escape risk—these kernel and WebKit bugs could be chained to bypass protections, steal data, or install persistent malware if left unpatched.
Which iPhones and iPads Get iOS 26.5 and Related Patches
iOS 26.5 is available for iPhone 11 and later models, alongside compatible iPad hardware from the 8th‑generation iPad and 5th‑generation iPad mini onward. However, Apple has also shipped synchronized iPhone security patches for older devices that can’t run iOS 26.5. iOS 18.7.9 and iPadOS 18.7.9 target iPhone XS, XS Max, XR, and the 7th‑generation iPad. iPadOS 17.7.11 is available for the 2nd‑generation 12.9‑inch iPad Pro, 10.5‑inch iPad Pro, and 6th‑generation iPad. iOS and iPadOS 16.7.16 apply to iPhone 8, 8 Plus, iPhone X, 5th‑generation iPad, 9.7‑inch iPad Pro, and 1st‑generation 12.9‑inch iPad Pro. Finally, iOS and iPadOS 15.8.8 cover iPhone 6s and 7 families, the 1st‑generation iPhone SE, iPad Air 2, 4th‑generation iPad mini, and iPod touch (7th generation). All of these releases include the same core security content as iOS 26.5, ensuring even older hardware receives critical protections.
Step‑by‑Step: How to Install the iOS 26.5 Security Update
Before installing iOS 26.5 or its equivalent update on your device, back up your iPhone or iPad using iCloud or your preferred backup method. Once your data is safe, open the Settings app, tap General, then select Software Update. Your device will automatically check for the appropriate iOS or iPadOS version—whether that’s iOS 26.5 for newer models or updates like iOS 18.7.9, 16.7.16, or 15.8.8 for older devices. Tap Download and Install, agree to any terms, and keep your device connected to power and Wi‑Fi while the update downloads. When prompted, allow the device to restart; it must reboot to complete installation of the iOS 26.5 security update or its counterpart. After the restart, your iPhone or iPad will be running with the latest kernel security flaw fixes, WebKit vulnerability protections, and other critical patches in place.
