iOS, macOS 26.4 Roll Out With Fresh Security Patches

Apple on Tuesday rolled out a fresh wave of security updates to resolve more than 80 vulnerabilities across its mobile and desktop operating systems. iOS 26.4 and iPadOS 26.4 were released for the latest generation iPhone and iPad devices with patches for nearly 40 security defects. WebKit received fixes for eight bugs that could be exploited by malicious websites to bypass policy enforcement, mount XSS attacks, fingerprint users, escape the sandbox, or crash the process. Issues addressed in the kernel could be exploited to disclose kernel memory, leak sensitive kernel state, corrupt kernel memory, or write kernel memory. Vulnerabilities resolved in other components may lead to network traffic interception, access to biometrics-gated Protected Apps, process crashes, app termination, denial-of-service (DoS), installed apps enumeration, sandbox escape, and access to sensitive information. Patches for roughly two dozen of these security defects were delivered to users of older devices as part of the iOS 18.7.7 and iPadOS 18.7.7 security updates. On Tuesday, Apple also rolled out macOS Tahoe 26.4 with fixes for over 75 bugs, including roughly 30 flaws that were addressed with the iOS 26.4 and iPadOS 26.4 updates. The patches target issues in dozens of native components, but also vulnerabilities in third-party open source dependencies, including multiple Apache libraries, Curl, and LibPNG. Additionally, Apple released macOS Sequoia 15.7.5 and macOS Sonoma 14.8.5 with patches for over 50 of these vulnerabilities each. While tvOS 26.4 and watchOS 26.4 were rolled out with fixes for over a dozen vulnerabilities each, visionOS 26.4 is bringing patches for nearly 30 bugs to its users. On Tuesday, Apple also announced the release of Safari 26.4 with fixes for the eight WebKit bugs. Xcode 26.4 was rolled out with patches for two flaws. Apple makes no mention of any of these security defects being exploited in the wild. Additional information on the updates can be found on the company’s security advisories page. Related: Apple Debuts Background Security Improvements With Fresh WebKit Patches Related: Apple Updates Legacy iOS Versions to Patch Coruna Exploits Related: Apple iPhone and iPad Cleared for Classified NATO Use Related: Apple Patches iOS Zero-Day Exploited in ‘Extremely Sophisticated Attack’ WRITTEN BY Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. More from Ionut Arghire Extortion Group Claims It Hacked AstraZeneca Chrome 146 Update Patches High-Severity Vulnerabilities 3.1 Million Impacted by QualDerm Data Breach Critical Citrix NetScaler Vulnerability Poised for Exploitation, Security Firms Warn Mazda Says Employee, Partner Information Stolen in Cyberattack Chip Services Firm Trio-Tech Says Subsidiary Hit by Ransomware  Aqua’s Trivy Vulnerability Scanner Hit by Supply Chain Attack QNAP Patches Four Vulnerabilities Exploited at Pwn2Own  Latest News Onit Security Raises $11 Million for Exposure Management Platform Russian Cybercriminal Gets 2-Year Prison Sentence in US  AI Speeds Attacks, But Identity Remains Cybersecurity’s Weakest Link FCC Bans New Routers Made Outside the US Over National Security Risks RSAC 2026 Conference Announcements Summary (Day 2) From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI US Prisons Russian Access Broker for Aiding Ransomware Attacks HackerOne Employee Data Exposed in Massive Navia Breach Trending Webinar: Securing Fragile OT In An Exposed World March 10, 2026 Get a candid look at the current OT threat landscape as we move past "doom and gloom" to discuss the mechanics of modern OT exposure. Register Webinar: Why Automated Pentesting Alone Is Not Enough April 7, 2026 Join our live diagnostic session to expose hidden coverage gaps and shift from flawed tool-level evaluations to a comprehensive, program-level validation discipline. Register People on the Move The US Senate confirmed Markwayne Mullin as DHS Secretary. 7AI has appointed Israel Barak as its first Chief Information Security Officer. Brian Harrell has been appointed Chief Security Officer at FirstEnergy. More People On The Move Expert Insights Why Agentic AI Systems Need Better Governance – Lessons From OpenClaw Agentic AI platforms are shifting from passive recommendation tools to autonomous action-takers with real system access, (Etay Maor) The Human IOC: Why Security Professionals Struggle With Social Vetting Applying SOC-level rigor to the rumors, politics, and 'human intel' can make or break a security team. (Joshua Goldfarb) How To 10x Your Vulnerability Management Program In The Agentic Era The evolution of vulnerability management in the agentic era is characterized by continuous telemetry, contextual prioritization and the ultimate goal of agentic remediation. (Nadir Izrael) SIM Swaps Expose A Critical Flaw In Identity Security SIM swap attacks exploit misplaced trust in phone numbers and human processes to bypass authentication controls and seize high-value accounts. (Torsten George) Four Risks Boards Cannot Treat As Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) Flipboard Reddit Whatsapp Email