macOS 26.5, iOS 26.5 and Co.: Apple patches numerous security vulnerabilities
The updates released yesterday are once again full of security-relevant bug fixes. Users of older macOS versions are waiting for a new Safari.
Update on an iPhone (here iOS 26): Many security vulnerabilities have been patched again.
(Image: Ascannio / Shutterstock.com)
Apple's updates for the iPhone, iPad, Mac, Vision Pro, Apple TV, and Apple Watch, released on Monday evening, once again come with a lot of security fixes. A look at the security information now available shows dozens of vulnerabilities have been patched. Users of older systems should also be careful when using Safari, as Apple has once again not updated the browser immediately; the update is expected to be available later today.
Many fixes, some remote exploits
iOS 26.5 and iPadOS 26.5 come with over 50 bug fixes. Over 20 additional fixes are included in the updates, about which Apple provides no further details (which is repeatedly criticized). Apple apparently has no reports of vulnerabilities already being exploited, but three of the patched bugs allowed remote attacks (one denial-of-service, one system crash, and kernel memory corruption, one app crash).
Videos by heise
Numerous errors were found in the kernel, including one that could grant root privileges. The mDNSResponder routine was also vulnerable to various problems. Numerous other system areas are affected, from accounts and the APFS file system to WidgetKit and zlib. Finally, Apple also fixes a couple of WebKit errors in the Safari browser.
Safari for older macOS versions is taking its time
macOS 26.5 comes with a similar level of bug fixes as iOS and iPadOS, with similar issues. Here too, there are almost two dozen errors that Apple does not classify further. Five errors are remotely exploitable, including the partial bypass of the Lockdown Mode (Apple Mail loads images after) and a crash via SMB. Apple does not share reports of actual attacks. WebKit bugs are fixed by a new version of Safari.
tvOS 26.5, watchOS 26.5, and visionOS 26.5, as usual, include the bug fixes from the other variants, provided the affected routines are present on the devices. Here too, there are no reports of known attacks, but several remote vulnerabilities. Parts of the vulnerabilities are also fixed in macOS 15.7.7 and macOS 14.8.7, but not all. Annoying: Apple has once again not immediately provided a new Safari version for the older systems (Safari 26.5). This is bad, as these browsers will continue to be used with known vulnerabilities.
Updates for old iOS and iPadOS
Apple has also updated older iOS and iPadOS versions: these are 18.7.9 for iPhone XS, XS Max, XR and iPad 7, iPadOS 17.7.11 for several older iPads, and iOS 15.8.8 and iPadOS 15.8.8 and iOS 16.7.16 and iPadOS 16.7.16. Once again, only the most problematic errors are fixed; those who want all errors fixed must switch to iOS 26.5 and Co., provided they still run on the older devices.
Empfohlener redaktioneller Inhalt
Mit Ihrer Zustimmung wird hier ein externer Preisvergleich (heise Preisvergleich) geladen.
Ich bin damit einverstanden, dass mir externe Inhalte angezeigt werden. Damit können personenbezogene Daten an Drittplattformen (heise Preisvergleich) übermittelt werden. Mehr dazu in unserer Datenschutzerklärung.
(bsc)
