Over 60 Security Fixes in iOS 26.5 and Companion Updates
Apple’s latest iOS 26.5 security update delivers more than 60 security fixes targeting high‑impact vulnerabilities, and the same patches are being rolled out to older iPhone and iPad models via parallel releases. Beyond standard bug fixes, this update focuses on hardening core components that are frequently targeted in real‑world attacks. Apple has also issued iOS 18.7.9 and iPadOS 18.7.9, iPadOS 17.7.11, iOS 16.7.16, and iOS 15.8.8 so that devices unable to run iOS 26.5 still receive the identical security protections. Together, these iPhone security patches aim to close gaps before attackers can weaponize them, especially since modern exploits often chain multiple bugs across system layers. Apple is strongly recommending that all users install the latest available version for their device without delay, underscoring the seriousness of the vulnerabilities and the importance of staying on the most up‑to‑date software.
Kernel and WebKit Vulnerabilities: What’s at Risk
Several of the most serious issues fixed in iOS 26.5 involve kernel security flaws and WebKit vulnerabilities. Six kernel‑level bugs were patched, including CVE‑2026‑28951, which could allow a malicious app to gain root privileges—essentially full control over the device. Another kernel issue, CVE‑2026‑28943, was discovered by Google’s Threat Analysis Group, which typically focuses on sophisticated, state‑backed attackers and high‑risk targets. On the WebKit side, around a dozen issues were resolved, including CVE‑2026‑28962, where simply interacting with malicious web content might expose sensitive data. These fixes significantly reduce the risk of silent device compromise through drive‑by websites or weaponized apps. Because kernel and WebKit are central to how iOS runs apps and loads websites, failing to apply this WebKit vulnerability fix could leave your device open to stealthy attacks that are difficult to detect or reverse.
AI, Threat Researchers, and the New Attack Landscape
The attribution of some of these vulnerabilities highlights how active and sophisticated today’s threat landscape has become. One WebKit flaw, CVE‑2026‑28942, was credited to researchers at Anthropic working with its Claude AI system, showing how advanced AI tools are now being used to find critical bugs before attackers do. At the same time, security experts note that adversaries are also increasingly leveraging AI to discover and exploit similar weaknesses. Another notable flaw, CVE‑2026‑28995 in App Intents, could let a malicious app escape its sandbox, breaking a key iOS security boundary. As Jamf’s Adam Boynton observed, the concentration of kernel memory issues, WebKit vulnerabilities, and an App Intents sandbox escape mirrors the typical components chained together in modern mobile attacks. This evolving dynamic makes rapid installation of iOS 26.5 security updates vital, even though none of the patched issues are currently known to be under active exploitation.
Which Devices Are Covered and Matching Updates for Older Models
iOS 26.5 is available for iPhone 11 and newer models, as well as compatible iPad devices starting from the 8th generation and iPad mini 5th generation onward. For slightly older hardware, Apple has released iOS 18.7.9 and iPadOS 18.7.9 specifically for iPhone XS, iPhone XS Max, iPhone XR, and the 7th‑generation iPad, bringing the same core security protections to those devices. Additional updates—iPadOS 17.7.11, iOS 16.7.16, and iOS 15.8.8—extend these patches further back to devices like iPhone 8, iPhone X, iPhone 7, and first‑generation iPhone SE, among others. This broad coverage shows Apple’s continued commitment to shipping iPhone security patches even for older models that cannot run the latest major iOS release. If your device is not eligible for iOS 26.5, you should still see one of these companion updates in your settings, and you should install it just as urgently.
How to Safely Install the Latest iOS and iPadOS Security Updates
Updating is straightforward and takes only a few minutes, but you should follow a safe process. First, back up your iPhone or iPad to iCloud or your preferred backup method so you can restore your data if anything goes wrong. Then open the Settings app, tap General, and choose Software Update. Your device will automatically detect whether iOS 26.5, iOS 18.7.9, iPadOS 17.7.11, iOS 16.7.16, or iOS 15.8.8 is appropriate for your hardware. Tap Download and Install, agree to any prompts, and keep your device connected to power and Wi‑Fi while the update completes. Your iPhone or iPad will restart to finish installation. Because these patches fix a kernel security flaw and multiple WebKit issues that could lead to serious compromise, it is wise not to postpone this update on any of your Apple devices.