More Than 60 Critical Fixes in the iOS 26.5 Update
The iOS 26.5 update is not a routine release—it delivers over 60 iPhone security patches targeted at critical security flaws. Apple is urging all eligible users to install it immediately, because the update covers multiple high‑impact components, including the kernel and WebKit. Six kernel security bugs were fixed, such as CVE-2026-28951, which previously could have allowed a malicious app to gain root privileges and effectively take over the device. Around a dozen WebKit vulnerabilities were also addressed, including issues like CVE-2026-28962, where simply interacting with malicious web content could expose sensitive information. This concentration of kernel and WebKit fixes underscores how attackers commonly chain bugs together in modern exploits. Even though Apple says none of these vulnerabilities are currently known to be actively exploited, the breadth and depth of the issues patched in iOS 26.5 make delaying the update a significant risk.
Kernel, WebKit, and Sandbox Escapes: What’s at Stake
Beyond the sheer number of fixes, several specific vulnerabilities patched in the iOS 26.5 update highlight how serious the risks are. Kernel-level issues, including CVE-2026-28943 and CVE-2026-28951, could potentially let malicious apps break out of normal restrictions and gain system‑level control. At the same time, multiple WebKit vulnerability fixes, such as CVE-2026-28962 and CVE-2026-28942, close holes where crafted websites or web content might leak data or execute unexpected code inside Safari and other apps that rely on WebKit. Apple also patched CVE-2026-28995 in App Intents, a flaw that could allow an app to escape its sandbox—one of the core protections that normally keeps apps from interfering with each other or the operating system. Security experts note that kernel memory bugs, WebKit exploits and sandbox escapes are exactly the types of weaknesses attackers chain together in sophisticated, real‑world iPhone attacks.
Why Google and AI Researchers Are Involved—and Why It Matters
The discovery credits for several iOS 26.5 security patches reveal how high the stakes are for this update. One critical kernel vulnerability, CVE-2026-28943, was reported by Google’s Threat Analysis Group, a team that focuses on advanced, often state‑backed threat actors and high‑risk users. Another WebKit vulnerability, CVE-2026-28942, was found by researchers at Anthropic using its Claude AI system. This shows AI tools are now being used to strengthen defenses, even as attackers are also leveraging AI to develop and refine exploits. Security professionals highlight that this mix of kernel memory issues, WebKit bugs and sandbox escape flaws represents exactly the kind of exploit chains used in targeted attacks on mobile devices. With more than 60 vulnerabilities patched and sophisticated actors clearly interested in these components, installing iOS 26.5 quickly is essential to reducing your exposure before attackers can weaponize any of the now‑disclosed bugs.
Updates for Older iPhones and iPads: iOS 18, 17, 16 and 15
If your device is too old for the iOS 26.5 update, Apple still has you covered with dedicated iPhone security patches. The same underlying vulnerabilities have been addressed across multiple iOS versions. Apple has released iOS 18.7.9 and iPadOS 18.7.9 for devices like iPhone XS, iPhone XS Max, iPhone XR and iPad 7th generation, as well as iPadOS 17.7.11 for certain older iPad Pro and iPad models. Additional updates—iOS 16.7.16, iPadOS 16.7.16 and iOS 15.8.8/iPadOS 15.8.8—extend these fixes further back to devices such as iPhone 8, iPhone X, iPhone 7, iPhone 6s, the first‑generation iPhone SE and corresponding iPads and iPod touch. These releases arrive alongside iOS 26.5 and iPadOS 26.5 and even follow an earlier iOS 26.4.2 emergency fix. Apple’s decision to patch multiple generations simultaneously means you should check every iPhone and iPad you own and install the latest available update.
How to Install iOS 26.5 and Stay Protected
Updating to iOS 26.5 or the equivalent security release for your device takes only a few minutes and immediately protects you from dozens of newly disclosed vulnerabilities. First, back up your iPhone or iPad using iCloud or your preferred backup method to safeguard your data. Then open the Settings app, tap General and choose Software Update. Your device will automatically detect whether iOS 26.5, iPadOS 26.5, or an appropriate version such as iOS 18.7.9, 17.7.11, 16.7.16 or 15.8.8 is available. Tap Install to download and apply the update, then allow your device to restart to complete the process. Because these patches address kernel security bugs, WebKit vulnerability chains, sandbox escapes and Wi‑Fi and notification issues across multiple iOS generations, Apple explicitly recommends installing them without delay. Enabling automatic updates afterward can help ensure you receive future critical fixes as soon as they are released.