The latest security patch for iOS, version 26.5.2, addresses 29 vulnerabilities that could potentially allow malicious apps to cause system termination, disclose sensitive user information, or exfiltrate data cross-origin.
None of these flaws has a known active exploit, but developers have taken steps to address potential issues in various components, including IOGPUFamily, Lyutoon, DunKernel, Kernel, libxslt, Web Extensions, WebKit, and WebRTC.
The patches include fixes for a range of issues, such as unexpected system termination, memory corruption, and data exfiltration. They also address specific problems in WebKit, including use-after-free issues, path handling issues, and out-of-bounds access issues.
Some of the notable vulnerabilities addressed in the patch include a potential use-after-free issue in WebKit that could lead to memory corruption, a type confusion issue in WebKit that could result in memory corruption, and a permissions issue in WebKit that could lead to sensitive data being leaked.
In addition to these issues, the patch also addresses vulnerabilities in other components, including a double free issue in libxslt that could lead to an unexpected process crash, and an out-of-bounds access issue in WebRTC that could result in an unexpected Safari crash.
To install the latest security patch, simply update to iOS 26.5.2 using the standard method. If you have Automatic Updates enabled, the OS should update on its own in due time. Alternatively, you can manually initiate the update by heading to General > Software Update and following the on-screen instructions.
The patch is available now, and it is recommended that all iOS users install it as soon as possible to ensure the security and stability of their device.