Apple Patches Dozens of Vulnerabilities in macOS, iOS
Apple released 11 security advisories covering iOS/iPadOS 26.5, macOS Tahoe 26.5, and older macOS versions, patching over 60 CVEs in iOS and nearly 80 in macOS, including 20 WebKit flaws.
Apple on Monday published 11 new security advisories to inform customers about dozens of vulnerabilities patched in its operating systems. The updates span iOS/iPadOS 26.5, macOS Tahoe 26.5, macOS Sequoia 15.7.7, and macOS Sonoma 14.8.7, along with watchOS, tvOS, and visionOS.
iOS and iPadOS 26.5 address more than 60 CVEs, including 20 WebKit issues that can lead to crashes, exposure of sensitive user data, and security bypasses. Other vulnerabilities can be exploited for DoS attacks, security bypass, sandbox escape, access to sensitive user data, privilege escalation, and user tracking.
Dozens of the vulnerabilities patched in the latest iOS and iPadOS versions were also addressed by Apple with the release of macOS Tahoe 26.5, which resolves nearly 80 vulnerabilities. The security holes that are specific to macOS can be exploited to access user information, escalate privileges to root, escape the sandbox, cause a crash, bypass Gatekeeper, bypass Gatekeeper, and execute arbitrary code with elevated privileges.
Apple also patched dozens of these vulnerabilities in macOS Sequoia 15.7.7 and macOS Sonoma 14.8.7. watchOS, tvOS, and visionOS have also received security updates. Since they all share the same foundational architecture as iOS, many of the latest iOS patches have been included in these platform updates.
Some advisories inform users that a recent patch for a flaw that can be exploited to recover deleted messages has been rolled out to older iOS versions. The FBI reportedly exploited the weakness to recover Signal chats from a device. Apple has not flagged any of the other vulnerabilities as being exploited in the wild.
The breadth of this patch release underscores the ongoing challenge of securing of Apple's ecosystem across multiple device types and operating system versions. Users are strongly advised to apply the updates promptly to mitigate the risk of exploitation, particularly for the WebKit issues that could be triggered simply by visiting a malicious website.