Update Now: iOS 26.2 Fixes 20+ Security Vulnerabilities

Apple today released iOS 26.2, iPadOS 26.2, and macOS 26.2, all of which introduce new features, bug fixes, and security improvements. Apple says that the updates address over 20 vulnerabilities, including two bugs that are known to have been actively exploited.
There are a pair of WebKit vulnerabilities that could allow maliciously crafted web content to execute code or cause memory corruption. Apple says that the bugs might have been exploited in an attack against targeted individuals on versions of iOS before iOS 26.
Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26.
Processing maliciously crafted web content may lead to memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26.
One of the WebKit bugs was fixed with improved memory management, while the other was addressed with improved validation.
There are several other vulnerabilities that were fixed too, across apps and services. An App Store bug could allow users to access sensitive payment tokens, processing a malicious image file could lead to memory corruption, photos in the Hidden Album could be viewed without authentication, and passwords could be unintentionally removed when remotely controlling a device with FaceTime.
Now that these vulnerabilities have been publicized by Apple, even those that were not exploited before might be taken advantage of now. Apple recommends all users update their devices to iOS 26.2, iPadOS 26.2, and macOS Tahoe 26.2 as soon as possible.
Related Roundups: iOS 26, iPadOS 26