The Kaipher Editorial Team 
Apple released comprehensive security updates Monday addressing 27 vulnerabilities in iOS 26 and iPadOS 26, alongside 77 flaws in macOS 26, while simultaneously backporting critical fixes for the previously exploited zero-day vulnerability CVE-2025-43300 to older device versions (Apple Security Support). The Cupertino-based tech giant pushed out iOS 26 and iPadOS 26 for newer devices, featuring not only the company’s new “Liquid Glass” design but also comprehensive security patches targeting memory corruption, information disclosure, crashes, and sandbox escapes.
Major Platform Updates with Extensive Security Coverage
The iOS 26 and iPadOS 26 updates address vulnerabilities across multiple system components, with WebKit receiving the most fixes at five patches. Other affected areas include Apple Neural Engine, Bluetooth, CoreAudio, CoreMedia, Kernel, Safari, and Sandbox systems. Security researchers note that none of the newly addressed vulnerabilities appear to be under active exploitation (CyberScoop).
macOS 26 (codenamed “Tahoe”) received even more extensive patching, with 77 unique vulnerabilities addressed across components including WebKit, AppleMobileFileIntegrity, SharedFileList, Bluetooth, and Sandbox systems. The update weighs 7.7 GB for Apple Silicon Macs upgrading from recent Sequoia versions and 6.1 GB for Intel Macs.
“On the iOS side, I don’t see anything that makes me sweat immediately but there are a lot of bugs addressed,” Dustin Childs, head of threat awareness at Trend Micro’s Zero Day Initiative, told CyberScoop. However, he highlighted two macOS vulnerabilities—CVE-2025-43298 affecting PackageKit and CVE-2025-43304 affecting StorageKit—as concerning because they could allow attackers to gain root privileges.
Previously Exploited Zero-Day Gets Extended Coverage
Apple simultaneously released security updates for older devices, backporting fixes for CVE-2025-43300 to iOS 15.8.5, iPadOS 15.8.5, iOS 16.7.12, and iPadOS 16.7.12 (Bleeping Computer). The vulnerability, which Apple first patched in August, affects the ImageIO framework and was exploited in what the company described as “extremely sophisticated attacks against specific targeted individuals.”
The Cybersecurity and Infrastructure Security Agency added CVE-2025-43300 to its Known Exploited Vulnerabilities catalog in August, ordering federal agencies to patch the flaw by September 11. The vulnerability has been linked to targeted spyware campaigns, with WhatsApp confirming that attackers chained it with their own messaging app flaw (CVE-2025-55177) to target fewer than 200 users worldwide.
Comprehensive Cross-Platform Security Initiative
Apple also released complementary updates including iOS 18.7 and iPadOS 18.7 with 12 security fixes, macOS Sequoia 15.7, macOS Sonoma 14.8, tvOS 26, watchOS 26, visionOS 26, Safari 26, and Xcode 26. This marks the seventh zero-day vulnerability Apple has addressed this year, adding to previous patches released in January, February, March, April, and August (Security Week).
The security updates arrive as Apple prepares to ship new iPhone models later this week, with the company maintaining its commitment to patching vulnerabilities across supported devices dating back to 2019. Users who prefer not to upgrade to the latest operating systems can still receive critical security patches through the legacy update channels.
Key Vulnerability Categories Addressed
The iOS 26 security fixes span multiple critical areas:
- Memory corruption vulnerabilities in Audio processing and system components
- Sandbox escape flaws that could allow malicious apps to break containment
- Information disclosure issues affecting user privacy
- Kernel vulnerabilities with potential for privilege escalation
- Bluetooth security improvements addressing connection hijacking risks
macOS 26 addresses additional enterprise-focused security concerns:
- Root privilege escalation vulnerabilities in system management components
- Cross-app resource access restrictions strengthening application isolation
- Network security enhancements for corporate environments
- File system integrity protections against tampering
This extensive security update demonstrates Apple’s continued commitment to proactive vulnerability management across its ecosystem, with the company addressing more than 100 security flaws in a single coordinated release while ensuring older devices remain protected through targeted backports of the most critical fixes.
