Apple Releases iOS 26.5.2 With 29 Security Fixes, Most Affecting WebKit | Free Download

Apple has released iOS 26.5.2 and iPadOS 26.5.2, which include patches for 29 security vulnerabilities. None of these flaws are considered zero-day, meaning they were not publicly disclosed or actively exploited before the update became available.

Most of the patched issues relate to WebKit, the engine used by Safari, and many in-app browsers in third-party iOS apps.

Apple recommends installing updates as soon as possible. Since these vulnerabilities have now been publicly disclosed, there is an increased risk that attackers may attempt to develop exploits for devices that have not yet been updated.

What iOS 26.5.2 and iPadOS 26.5.2 fix

iOS 26.5.2 addresses multiple vulnerabilities in various components. In WebKit and related areas, it fixes issues related to memory corruption and use-after-free bugs that could cause Safari to crash when handling malicious web content.

It also addresses cross-origin data leaks that could allow malicious sites to read sensitive information from other sites, as well as sandbox avoidance flaws that could allow websites to process restricted content outside of a secure environment.

Additionally, the update patches a clipboard hijacking vulnerability that could let websites silently access clipboard data and a flaw that could leak sensitive information when visiting certain websites, even without malicious intent.

In the kernel, the update fixes a vulnerability that could enable an app to leak sensitive kernel state, as well as issues that could cause unexpected system termination. It also addresses a flaw capable of corrupting kernel memory.

Other components are also affected. For example, the IOGPUFamily flaw can cause unexpected system shutdown, and problems with libxslt can cause the process to crash when processing malicious web content.

Web extension vulnerabilities Malicious extensions can cause unexpected process crashes, and WebRTC flaws can result in Safari crashing when handling malicious web content.

The full list of CVE identifiers and detailed technical details can be found in Apple’s official security release notes.

Although none of the patched flaws have been confirmed to be actively exploited, the number and nature of these issues warrants a prompt update.

Multiple WebKit vulnerabilities affect not only Safari but also several in-app browsers used in various iOS apps.

The cross-origin and sandbox escape flaws could have serious consequences if combined with other vulnerabilities. Public disclosure of these flaws provides a starting point for attackers to develop working exploits.

Kernel-level issues can also compromise the broader security of a device.

For users who handle sensitive information like financial data, health care details, or work credentials on their iPhone or iPad, updating later may help reduce the risk of exposure.

Why should users install the update soon?

To install iOS 26.5.2 on iPhone or iPadOS 26.5.2 on iPad, connect the device to Wi-Fi and make sure it has enough battery life or is plugged in:

  1. Open the Settings app, then go to General and select Software Update. If iOS 26.5.2 appears, tap Download and Install.
  2. Follow the on-screen instructions to complete the update.

Devices with automatic updates turned on will automatically install updates during the standard rollout. Users who want to update quickly can trigger the process manually.

iOS 27 is set to be released this fall, including new features like Apple Wallet receipt scanning for bill splitting, custom location sharing periods in Find My, and Local Listings in Apple Maps.

While iOS 26 is unlikely to receive major new features, Apple will continue to release security updates as vulnerabilities are identified. iOS 26.5.2 is now available for all supported iPhone models, and iPadOS 26.5.2 is available for supported iPad models.

Thanks for being a Ghax reader. The post Apple releases iOS 26.5.2 with 29 security fixes, WebKit impacts the most appeared first on gHacks.

Source:Ghacks

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top