Apple has released iOS 26.5.2 and iPadOS 26.5.2, which include patches for 29 security vulnerabilities. None of these flaws are considered zero-days, meaning they were not publicly disclosed or actively exploited before the updates became available.
Most of the patched issues are related to WebKit, the engine used by Safari and many in-app browsers in third-party iOS apps.
Apple recommends installing the update as soon as possible. Since these vulnerabilities have now been publicly disclosed, there is an increased risk that attackers may attempt to develop exploits for devices that haven't yet been updated.
What iOS 26.5.2 and iPadOS 26.5.2 Fix
iOS 26.5.2 addresses several vulnerabilities across different components. In WebKit and related areas, it fixes issues related to memory corruption and use-after-free bugs that could cause Safari to crash when handling malicious web content.
It also resolves cross-origin data leaks that could allow malicious sites to read sensitive information from other sites, along with sandbox escape flaws that might let websites process restricted content outside the secure environment.
Additionally, the update patches a clipboard hijacking vulnerability that could let websites silently access clipboard data and a flaw that could leak sensitive information simply by visiting certain websites, even without malicious intent.
In the kernel, the update fixes a vulnerability that could enable an app to leak sensitive kernel state, along with issues that could lead to unexpected system termination. It also addresses a flaw capable of corrupting kernel memory.
Other components are also affected. For example, the IOGPUFamily flaw could cause unexpected system shutdowns, and problems with libxslt might lead to process crashes when processing malicious web content.
Web Extensions vulnerabilities could allow malicious extensions to cause unexpected process crashes, and WebRTC flaws may result in Safari crashes during the handling of malicious web content.
A full list of CVE identifiers and detailed technical descriptions can be found in Apple's official security release notes.
Although none of the patched flaws are confirmed to be actively exploited, the number and nature of these issues call for prompt updates.
Multiple WebKit vulnerabilities affect not only Safari but also many in-app browsers used across various iOS apps.
Cross-origin and sandbox escape flaws can have serious consequences if chained with other vulnerabilities. The public disclosure of these flaws provides attackers with a starting point for developing working exploits.
Kernel-level issues could also compromise the broader security of a device.
For users handling sensitive information on their iPhone or iPad, such as financial data, healthcare details, or work credentials, updating sooner rather than later can help minimize the risk of exposure.
To install iOS 26.5.2 on an iPhone or iPadOS 26.5.2 on an iPad, connect the device to Wi-Fi and make sure it has enough battery life or is plugged in:
- Open the Settings app, then go to General and select Software Update. If iOS 26.5.2 appears, tap Download and Install.
- Follow the on-screen instructions to complete the update.
Devices with Automatic Updates turned on will install the update automatically during the standard rollout. Users who want to update sooner can manually trigger the process.
iOS 27 is set to be released this fall, bringing new features such as Apple Wallet receipt scanning for bill splitting, custom location sharing durations in Find My, and Local Lists in Apple Maps.
While iOS 26 is unlikely to receive major new features, Apple will continue releasing security updates as vulnerabilities are identified. iOS 26.5.2 is now available for all supported iPhone models, and iPadOS 26.5.2 is available for supported iPad models.
Thank you for being a Ghacks reader. The post Apple Releases iOS 26.5.2 With 29 Security Fixes, Most Affecting WebKit appeared first on gHacks.
0 Commentaires