Over 60 Critical Security Fixes in iOS 26.5
Apple’s new iOS 26.5 security update delivers more than 60 iPhone security patches, targeting some of the most sensitive parts of the operating system. Six kernel-level flaws have been fixed, including CVE-2026-28951, which previously could have allowed a malicious app to gain root privileges—essentially full control over your device. Around a dozen WebKit kernel bugs were also patched, such as CVE-2026-28962, where simply interacting with malicious web content might expose your sensitive information. Another critical security fix addresses CVE-2026-28995 in App Intents, a vulnerability that could let a rogue app escape its sandbox and access data or functions it should never reach. Security experts note that kernel memory issues, WebKit vulnerabilities, and sandbox escapes are often chained together in real-world attacks, so applying iOS 26.5 quickly significantly reduces your risk of compromise.
Why These Vulnerabilities Are Especially Dangerous
The vulnerabilities fixed in iOS 26.5 are not theoretical edge cases—they map directly onto how modern mobile attacks are built. Kernel flaws can give attackers deep system access, while WebKit bugs enable drive‑by attacks through poisoned websites, messages, or in‑app browsers. App Intents sandbox escapes bridge the gap, letting malicious apps break out of their confined space. One kernel vulnerability, CVE-2026-28943, was reported by Google’s Threat Analysis Group, a team known for tracking state‑backed and high‑risk threats. A separate WebKit issue, CVE-2026-28942, was credited to Anthropic researchers working with the Claude AI system, underscoring how AI is now used both to discover bugs and to power sophisticated attacks. Even though these specific flaws are not yet reported as actively exploited, the high‑value components involved make delaying the iOS 26.5 security update a risky bet.
Which iPhones and iPads Get iOS 26.5 or Equivalent Patches
iOS 26.5 is available for iPhone 11 and later models, and compatible iPad hardware from the 8th‑generation iPad and iPad mini 5th generation onward. These devices receive the full set of over 60 critical security fixes, including the kernel, WebKit, and sandbox escape patches. Older devices that cannot run iOS 26.5 are not left behind. Apple has released parallel iPhone security patches: iOS 18.7.9 and iPadOS 18.7.9 for iPhone XS, XS Max, XR, and iPad 7th generation; iPadOS 17.7.11 for iPad Pro 12.9‑inch 2nd generation, iPad Pro 10.5‑inch, and iPad 6th generation; iOS 16.7.16 and iPadOS 16.7.16 for iPhone 8, 8 Plus, iPhone X, iPad 5th generation, and early iPad Pro models; and iOS 15.8.8 / iPadOS 15.8.8 for iPhone 6s, iPhone 7, 1st‑gen iPhone SE, select iPad Air and mini models, and iPod touch 7th generation.
How to Update Your iPhone or iPad Safely
Updating to iOS 26.5 or the corresponding security release on older devices only takes a few minutes and dramatically improves your protection. First, back up your iPhone or iPad to iCloud or your preferred backup method so you can restore your data if anything goes wrong. Then open the Settings app, tap General, and choose Software Update. Your device will automatically detect whether iOS 26.5, iOS 18.7.9, iPadOS 17.7.11, iOS 16.7.16, or iOS 15.8.8 is appropriate for your model. Tap Download and Install, agree to any prompts, and keep the device connected to power and Wi‑Fi until the process completes. Your iPhone or iPad will restart to finish installation. Given that these releases also roll in previous fixes—including the recent notifications bug patch—installing them promptly ensures you stay current with Apple’s latest critical security fixes.
Why You Should Update Immediately, Not Later
Even though Apple has not yet confirmed active exploitation of these specific vulnerabilities, history shows that once security details are public, attackers rush to weaponize them. The mix of kernel flaws, WebKit vulnerabilities, and App Intents sandbox escapes in iOS 26.5 lines up perfectly with the components commonly chained in sophisticated mobile exploits. Some of the bugs were discovered by teams focused on high‑risk, targeted attacks, highlighting their potential value to advanced adversaries. At the same time, AI tools are helping both defenders and attackers move faster, shrinking the window between disclosure and real‑world abuse. Delaying the iOS 26.5 security update leaves that window open on your device. Whether you use a new iPhone 11 or later, or rely on an older model updated to iOS 18.7.9, 17.7.11, 16.7.16, or 15.8.8, installing these updates now is one of the simplest, most effective security steps you can take.