Overview
- Apple’s security notes list more than 20 vulnerabilities patched in iOS 26.2, including two WebKit CVEs Apple says were used against specific targeted individuals before iOS 26, with Google’s Threat Analysis Group credited for CVE-2025-43529.
- A kernel issue tracked as CVE-2025-46285 that could let an app gain root privileges was fixed, alongside notable patches for App Store payment tokens, Hidden Photos access, FaceTime password exposure and app enumeration.
- Apple published detailed advisories and issued parallel 26.2 updates for iPadOS, macOS Tahoe, watchOS, tvOS and visionOS, urging users to install the updates without delay.
- A security-only iOS 18.7.3 was released alongside iOS 26.2 to deliver the fixes for older devices that remain on iOS 18.
- Researchers say the linked WebKit disclosures and the kernel fix align with chained, highly targeted spyware activity, and Apple recently sent cyber threat notifications across more than 80 countries.