Apple has released iOS 26.2, iPadOS 26.2, and macOS Tahoe 26.2, addressing a total of 25 security vulnerabilities. Users are strongly advised to update immediately.
Among the patched vulnerabilities, the most critical are CVE-2025-43529 and CVE-2025-14174, two WebKit flaws discovered by Google's Threat Analysis Group. Apple confirmed that hackers have exploited these vulnerabilities to launch highly sophisticated targeted attacks on older iOS versions. The update mitigates these risks by enhancing memory management and validation mechanisms, preventing malicious web content from triggering arbitrary code execution.
For the App Store, Apple implemented additional restrictions to resolve a permissions issue that allowed apps to access sensitive payment tokens. This vulnerability, labeled CVE-2025-46288, was reported by ByteDance's IES Red Team researchers floeki and Zhongcheng Li and has now been fixed.
Apple also addressed a severe kernel-level integer overflow vulnerability (CVE-2025-46285), which could have been exploited to crash systems or gain root access. The flaw was identified and reported by Alibaba Group's Kaitao Xie and Xiaolong Bai. Apple engineers resolved the issue by introducing 64-bit timestamp technology, eliminating the underlying security risk.
Comments