Over 60 Security Fixes in iOS 26.5
Apple’s iOS 26.5 security update delivers more than 60 security fixes, making it one of the most important iPhone security patches in recent months. The release targets a wide range of weaknesses, with a particular focus on critical kernel vulnerabilities and WebKit security bugs that underpin the browsing experience in Safari and other apps. According to Apple, the same Apple security fixes are also being shipped across iPadOS 26.5 and other platforms, indicating a coordinated response to serious, platform‑wide flaws. The update arrives just weeks after an earlier emergency patch and adds another layer of protection on top of the 37 security issues addressed in iOS 26.4. Even though Apple has not flagged these flaws as currently exploited, the sheer volume and depth of the issues underscore why updating to iOS 26.5 should be treated as urgent rather than optional.
Why Kernel and WebKit Bugs Are So Dangerous
Several of the most serious flaws patched in iOS 26.5 lie in the kernel—the core of the operating system—and in WebKit, the engine that powers Safari and many in‑app browsers. Six kernel‑level issues were fixed, including CVE-2026-28951, which could allow a malicious app to gain root privileges, effectively taking full control of the device. Another kernel bug, CVE-2026-28943, was reported by Google’s Threat Analysis Group, a team that focuses on high‑risk, state‑backed attacks, highlighting the strategic interest in these weaknesses. On the WebKit side, more than a dozen bugs were addressed, such as CVE-2026-28962, where interacting with malicious web content might expose sensitive data. Because kernel and WebKit components are often chained together in sophisticated mobile attacks, leaving these issues unpatched dramatically increases the risk of silent, remote compromise.
AI and Security Research: Who Found These Flaws?
The discovery of several iOS 26.5 vulnerabilities highlights how both defenders and attackers are increasingly using advanced tools, including AI. One critical WebKit flaw, CVE-2026-28942, was credited to researchers at Anthropic working with its Claude AI system. This demonstrates how AI-assisted analysis can help uncover subtle WebKit security bugs before they are abused. At the same time, Apple and security experts warn that adversaries are also turning to AI to accelerate exploit development, making timely Apple security fixes more important than ever. The mix of kernel memory issues, WebKit vulnerabilities, and an App Intents sandbox escape (CVE-2026-28995) reflects exactly the sort of components modern threat actors chain together for powerful, stealthy attacks. Even though none of these specific flaws are confirmed as actively exploited, the high-value nature of the reports suggests they would be prime targets if left unpatched.
Which Devices Are Covered by iOS 26.5 and Companion Updates?
iOS 26.5 is available for iPhone 11 and later models, with equivalent updates on iPadOS 26.5 for supported iPads, including 8th‑generation iPad and iPad mini 5th generation onward. For owners of slightly older devices that can’t move to iOS 26.5, Apple has released a parallel wave of iPhone security patches that deliver the same core fixes. These include iOS 18.7.9 and iPadOS 18.7.9 for iPhone XS, iPhone XS Max, iPhone XR, and iPad 7th generation; iPadOS 17.7.11 for select iPad Pro and iPad 6th generation; iOS 16.7.16 and iPadOS 16.7.16 for iPhone 8, iPhone 8 Plus, iPhone X, and several earlier iPads; and iOS 15.8.8 / iPadOS 15.8.8 for devices as old as iPhone 6s and iPad Air 2. This broad coverage shows Apple’s commitment to keeping older hardware protected.
How to Update Now and Protect Your iPhone
Given the scope of the vulnerabilities fixed in iOS 26.5, Apple explicitly recommends installing the update immediately on all supported devices. Before you start, back up your iPhone or iPad via iCloud or your preferred backup method to safeguard your data. Then open Settings, tap General, and select Software Update to check for the latest version available for your model. You should see either iOS 26.5 or the appropriate maintenance release such as iOS 18.7.9, 16.7.16, or 15.8.8, depending on your device. Tap Download and Install, follow the on‑screen prompts, and allow your device to restart to complete the process. Because kernel and WebKit flaws can be exploited simply by installing a malicious app or loading a compromised website, delaying this update leaves your device unnecessarily exposed to serious, hard‑to‑detect attacks.