Apple Releases Full Security Fixes List for iOS 26.2 and all Others

iOS 26.1 and iPadOS 26.1 fix dozens of security flaws. Here is the full list

Apple released new 26.2 updates for iOS, iPadOS, macOS, tvOS, watchOS, and visionOS earlier today. Now Apple has posted the security content for each release, and it outlines the bugs and vulnerabilities the company fixed across its platforms.

Next, the iOS 26.2 and iPadOS 26.2 security notes stand out because they cover a wide range of areas, including the App Store, FaceTime, the kernel, Messages, and WebKit. Also, Apple patched an issue that let a malicious app learn what other apps you had installed.

Don’t miss the best of The Mac Observer

Set us as a preferred source and our Apple reporting ranks higher in your Google Search results and Discover feed — one tap, no account changes.

Or get it by email

What Apple says is fixed in iOS 26.2 and iPadOS 26.2

Now here is Apple’s official security log for iOS 26.2 and iPadOS 26.2, shown as-is.

App Store
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to access sensitive payment tokens

Description: A permissions issue was addressed with additional restrictions.

CVE-2025-46288: floeki, Zhongcheng Li from IES Red Team of ByteDance

AppleJPEG
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: Processing a file may lead to memory corruption

Description: The issue was addressed with improved bounds checks.

CVE-2025-43539: Michael Reeves (@IntegralPilot)

Calling Framework
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: An attacker may be able to spoof their FaceTime caller ID

Description: An inconsistent user interface issue was addressed with improved state management.

CVE-2025-46287: an anonymous researcher, Riley Walz

curl
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: Multiple issues in curl

Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.

CVE-2024-7264
CVE-2025-9086

FaceTime
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: Password fields may be unintentionally revealed when remotely controlling a device over FaceTime

Description: This issue was addressed with improved state management.

CVE-2025-43542: Yiğit Ocak

Foundation
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to inappropriately access files through the spellcheck API

Description: A logic issue was addressed with improved checks.

CVE-2025-43518: Noah Gregory (wts.dev)

Kernel
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to gain root privileges

Description: An integer overflow was addressed by adopting 64-bit timestamps.

CVE-2025-46285: Kaitao Xie and Xiaolong Bai of Alibaba Group

Photos
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: Photos in the Hidden Photos Album may be viewed without authentication

Description: A configuration issue was addressed with additional restrictions.

CVE-2025-43428: an anonymous researcher, Michael Schmutzer of Technische Hochschule Ingolstadt

WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26.

Description: A use-after-free issue was addressed with improved memory management.

CVE-2025-43529: Google Threat Analysis Group

What matters most for you

Now the list above is long, so here are the fixes that stand out in plain terms.

  • Next, the kernel fix matters because it blocks an app from gaining root privileges.
  • Also, the Icons fix matters because it stops an app from learning what other apps you installed.
  • Then, the Photos fix matters because it blocks access to your Hidden Photos album without authentication.
  • After that, Screen Time fixes matter because they reduce the risk of Safari history and other sensitive data leaking through logs.
  • Finally, WebKit fixes matter because Safari and web content remain common attack paths, and Apple flags reports of highly targeted exploitation on older iOS versions.

Where to find the rest of Apple’s security notes

Now Apple says many of these fixes also appear in the other updates released today. Also, Apple provides separate security pages for each platform update, including these:

Now, if you already installed iOS 26.2 or iPadOS 26.2, you also installed these security fixes as part of the update.

Discussion

Join the discussionCommenting as a guest — your email is never published · Log in

Protected by Akismet — be kind, stay on topic.

This site uses Akismet to reduce spam. Learn how your comment data is processed.