iOS 26 & Co.: Apple closes many gaps – even in old versions

Contents

With the updates to iOS 26, iPadOS 26 macOS 26 Tahoe, watchOS 26, visionOS 26 and tvOS 26 released yesterday evening, Apple has also fixed a whole host of security-related bugs. In addition, updates for older versions of the operating systems have been released, which also contain security fixes. Users should therefore update their systems to the latest version as soon as possible. In iOS 26 and iPadOS 26, a total of 26 detailed holes have been plugged – In addition, there are over 40 (!) "credit only" notes on gaps, for which Apple has so far only named the areas in which they are located, but has not provided any further information.

Numerous vulnerabilities without further information from Apple

The iOS and iPad problems identified by Apple can be found in almost all system areas – from the Neural Engine to the kernel or IOKit to the WebKit browser engine. Apple does not specify any gaps that have already been exploited. Many of the bugs allow crashes, data leaks (including keyboard attacks via LaunchServices) and other forms of attack. As Apple does not describe many of the vulnerabilities in detail, there are many unknowns in terms of the overall risk.

For users who do not want to update to iOS 26 and iPadOS 26 immediately, Apple is delivering iOS 18.7 and iPadOS 18.7. Unfortunately, they only plug a fraction of the gaps that were fixed in iOS 26 and iPadOS 26. Apple only lists eleven areas with more detailed information plus five "credit only" bugs. Unfortunate: With iOS 16.7.12 and iPadOS 16.7.12 as well as iOS 15.8.5 and iPadOS 15.8.5, Apple is only now releasing updates for these very old systems that close a gap that has been known for some time and is already being exploited.

Over 70 holes in macOS 26 Tahoe patched

macOS 26 alias Tahoe comes with over 70 (!) security-related bug fixes detailed by Apple. In addition, there are over 40 "credit only" gaps without further details. Apple does not provide any information about bugs that have already been exploited; here too, the system is affected across the board. Gaps affect the kernel, open source components of various kinds, MediaLibrary, MigrationKit, Music, Notification Center and much more. Crashes, denial of service attacks, data leaks and more are possible. Here, too, it is not known which possibly (even) more serious problems are contained in the aforementioned "credit only" bugs.

Apple continues to provide macOS 15.7 aka Sequoia for users who do not want to switch to Tahoe right away. (Some release notes from macOS 15.4 appear here – but these are not correct). There are over 30 fixed security-related bugs in the update. There are also six "credit only" bugs. As with the other systems, the only way to be fully protected is to upgrade to the latest version. Apple is also providing macOS 14.8 alias Sonoma, which also only closes a subset of the gaps. Users of macOS 15 and 14 will also receive an update to Safari 26, which is part of macOS 26. Various WebKit bugs are fixed here.

watchOS 26, tvOS 26, visionOS 26 – plus Xcode

Apple continues to fix a number of security issues in tvOS 26, watchOS 26 and visionOS 26 – As usual, there are overlaps with the other updates. Apple traditionally does not provide updates for older versions of these operating systems, so users are forced to update to stay protected.

Finally, Apple has also published Xcode 26 (programming environment), which is intended to prevent a remote code execution vulnerability, sandbox outbreaks and crashes, among other things.

Empfohlener redaktioneller Inhalt

Mit Ihrer Zustimmung wird hier ein externer Preisvergleich (heise Preisvergleich) geladen.

Preisvergleiche immer laden Preisvergleich jetzt laden

Ich bin damit einverstanden, dass mir externe Inhalte angezeigt werden. Damit können personenbezogene Daten an Drittplattformen (heise Preisvergleich) übermittelt werden. Mehr dazu in unserer Datenschutzerklärung.

(bsc)