Apple Releases Security Updates Addressing Over 100 Vulnerabilities Across Multiple Platforms
Apple released a comprehensive set of security updates for its major operating systems and applications, including iOS 26.1, iPadOS 26.1, macOS Tahoe 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, tvOS 26.1, watchOS 26.1, visionOS 26.1, Safari 26.1, and Xcode 26.1. The updates address 110 vulnerabilities, several of which involve memory corruption issues in components such as ImageIO, FontParser, and WebKit, potentially allowing remote code execution. Other vulnerabilities could allow unauthorized access to sensitive user data through components like Spotlight, CoreMedia, MallocStackLogging, Admin Framework, sudo, Security, SoftwareUpdate, and AppleMobile. None of the vulnerabilities were reported as actively exploited at the time of release, and Apple provided limited technical details in its advisories.
Security authorities, including the Canadian Centre for Cyber Security, have urged users and administrators to promptly apply these updates to mitigate potential risks. The updates are considered routine but critical, given the breadth of affected products and the potential impact of the vulnerabilities. Users are advised to review Apple's official security update documentation and ensure all devices are updated to the latest versions to maintain security and privacy protections.
Sources
1 more from sources like ca ccs
Related Stories
Apple Releases iOS 26.1 and iPadOS 26.1 Security Updates Addressing Critical Vulnerabilities
Apple released iOS 26.1 and iPadOS 26.1, delivering critical security updates for a wide range of supported iPhone and iPad models. The updates address multiple vulnerabilities, including flaws in the Neural Engine that could allow malicious apps to crash system components or corrupt kernel memory, and weaknesses in Apple Account privacy controls that previously allowed unauthorized screenshot capture of sensitive data. Additional fixes strengthen sandbox enforcement and file integrity controls, reducing the risk of unauthorized data access or privilege escalation by malicious applications. Apple maintains its policy of withholding vulnerability details until patches are available, emphasizing the importance of timely updates for all eligible users. The company is also preparing for future releases, with iOS 26.2 expected to introduce new features such as digital passport support and RCS encryption, further enhancing both security and privacy for its user base.
4 months ago
Apple Security Updates Address Multiple Vulnerabilities Including an In-the-Wild Exploited Memory Corruption Flaw
Apple issued security updates across its ecosystem to address **multiple vulnerabilities** affecting *iOS, iPadOS, macOS, tvOS, watchOS,* and *visionOS*, with impacts including **remote code execution (RCE)**, denial of service, elevation of privilege, information disclosure, data manipulation, and security restriction bypass. HKCERT highlighted **CVE-2026-20700** as a **high-risk** issue and noted it is **being exploited in the wild**; the flaw is described as an **improper restriction of operations within the bounds of a memory buffer** that could allow arbitrary code execution when an attacker has memory-write capability. Apple’s iOS 26.3 and iPadOS 26.3 security content includes fixes for issues that could expose sensitive information on a locked device (e.g., **CVE-2026-20645** and **CVE-2026-20674**) and a Bluetooth-related denial-of-service condition where a privileged network attacker could trigger DoS using crafted packets (**CVE-2026-20650**). The updates apply to **iPhone 11 and later** and a range of supported iPad models, and Apple reiterated its policy of publishing details after patches are available.
1 months ago
Apple security updates addressing actively exploited iOS and macOS vulnerabilities
Apple published multiple security advisories across iOS/iPadOS, macOS, and watchOS releases that include fixes for vulnerabilities reported as **actively exploited** in the wild. Notable exploited issues include iOS/iPadOS 15.6.1 fixes for **kernel** and **WebKit** out-of-bounds writes enabling arbitrary code execution (`CVE-2022-32894`, `CVE-2022-32893`), iOS/iPadOS 16.3.1’s exploited **WebKit** type confusion leading to code execution (`CVE-2023-23529`), and iOS/iPadOS 15.7.5 plus macOS Big Sur 11.7.6 addressing an **IOSurfaceAccelerator** out-of-bounds write that could yield kernel-level code execution (`CVE-2023-28206`) alongside an exploited **WebKit** use-after-free (`CVE-2023-28205`). Apple also shipped iOS/iPadOS 16.6.1 and macOS Ventura 13.5.2 updates to remediate an exploited **ImageIO** buffer overflow (`CVE-2023-41064`) and an exploited **Wallet** attachment validation issue that could allow code execution (`CVE-2023-41061`). Separately, Apple’s iOS 17.0.1 and watchOS 9.6.3 advisories describe two vulnerabilities (`CVE-2023-41991`, `CVE-2023-41992`) reported by **Citizen Lab** and Google’s **Threat Analysis Group** as exploited against versions prior to iOS 16.7, involving **signature validation bypass** and **local privilege escalation**. Other referenced advisories (e.g., iOS/iPadOS 16.7, iOS/iPadOS 17.2, iOS/iPadOS 18.1, iOS/iPadOS 18.3, macOS Sequoia 15.1, iOS/iPadOS 26.1, macOS Tahoe 26.1, iOS/iPadOS 26.2) primarily enumerate additional CVEs and privacy/logic/memory-safety fixes but do not clearly tie to the same specific exploited-vulnerability disclosures, indicating they are broader platform security bulletins rather than part of a single incident response.
1 months ago