Overview
- Apple issued iOS 26.5.2, iPadOS 26.5.2 and macOS Tahoe 26.5.2 as security‑only updates that roll out fixes first seen in the 26.6 betas.
- The updates cover roughly 25 to 29 vulnerabilities, with most fixes in WebKit and WebRTC and several kernel patches that address use‑after‑free, memory corruption and cross‑origin logic errors.
- Apple told Reuters it moved the fixes up because increasingly capable AI models can shorten the time needed to find and weaponize vulnerabilities and the company said it has no evidence the patched flaws were exploited in the wild.
- Because WebKit is used by all browsers on iPhone and iPad the bugs pose broad exposure and security vendors and outlets are urging users to install 26.5.2 now via Settings or IPSW and to enable automatic updates and protections like two‑factor authentication.
- The release signals a procedural change toward faster, out‑of‑band security rollouts while Apple continues testing 26.6 betas and developing the feature‑focused iOS 27 cycle, which could mean more urgent patching outside normal update timelines.