Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Update Now: iOS 26.2 Fixes 20+ Security Vulnerabilities

Diopter said:
And some of the security fixes were included in 18.7.3 too...

But so far 18.7.3 hasn't been released for iPhones that are capable of upgrading to iOS 26, even if they're still on 18.7.2. It's currently only available to devices that can't upgrade to iOS 26.

I hope that's a temporary error and not a deliberate move by Apple to force users to update to iOS 26.
Click to expand...
I see it available for the iOS 18 Seed audience in Software Update settings....not sure if this is just an accident or maybe they need another working day or two for an updated 18.7.3 build to come out. Given this was released on a Friday, it wouldn't surprise me if there was a last minute fix that came in, and they prioritized getting iOS 26 out the door a few days earlier.

It's pretty clear from their security page, that 18.7.3 is for recent hardware capable of running iOS 26.
 
Last edited:
Diopter said:
And some of the security fixes were included in 18.7.3 too...

But so far 18.7.3 hasn't been released for iPhones that are capable of upgrading to iOS 26, even if they're still on 18.7.2. It's currently only available to devices that can't upgrade to iOS 26.

I hope that's a temporary error and not a deliberate move by Apple to force users to update to iOS 26.
Click to expand...

It's not true on my M1 iPad.

1765584487882.png

My M1 iPad is both eligible for 26 and getting 18.7.3.
 
MacRumors said:


Apple today released iOS 26.2, iPadOS 26.2, and macOS 26.2, all of which introduce new features, bug fixes, and security improvements. Apple says that the updates address over 20 vulnerabilities, including two bugs that are known to have been actively exploited.

bug-security-vulnerability-issue-fix-larry.jpg

There are a pair of WebKit vulnerabilities that could allow maliciously crafted web content to execute code or cause memory corruption. Apple says that the bugs might have been exploited in an attack against targeted individuals on versions of iOS before iOS 26.

One of the WebKit bugs was fixed with improved memory management, while the other was addressed with improved validation.

There are several other vulnerabilities that were fixed too, across apps and services. An App Store bug could allow users to access sensitive payment tokens, processing a malicious image file could lead to memory corruption, photos in the Hidden Album could be viewed without authentication, and passwords could be unintentionally removed when remotely controlling a device with FaceTime.

Now that these vulnerabilities have been publicized by Apple, even those that were not exploited before might be taken advantage of now. Apple recommends all users update their devices to iOS 26.2, iPadOS 26.2, and macOS Tahoe 26.2 as soon as possible.

Article Link: Update Now: iOS 26.2 Fixes 20+ Security Vulnerabilities
Click to expand...
Well, I just updated and OS is eating my memory. I have 24GB of memory and, with only Chrome open I am down to 8GB available memory. Unbelievable. Normally it would be at about 14 right now. When I quite chrome it went up to 12. With nothing open. 12. So, the OS is eating half of my memory. Apple???????? Fix it!!!!!
 
  • Like
  • Disagree
Reactions: platinumaqua, phuklok1 and ececlv
jgba said:
Backporting one fix in a monolithic OS update isn't as good. "super chimp" above has the latest Chrome on his Android 11. Your wife hasn't had the latest Safari in years.
Click to expand...

Can add for context I’m amazed how long apps in Android get supported for. Yeah it’s not the same as getting OS updates for the overall system but at least things like the browser and gmail continue to get security updates, and some feature updates in them.
 
  • Like
Reactions: gusmula
Diopter said:
Yes, I noted that here:

https://forums.macrumors.com/thread...ecurity-vulnerabilities.2474609/post-34333970

It seems illogical that they’d be trying to force iOS users on to 26, but not iPadOS users, which makes it look more like a mistake.
Click to expand...
I remember it took them a couple of days after iOS 26.1 was released to the public for the 18.7.2 to be available on iOS26- supported hardware. I remember trying to get it on the same day 26.1 came out and it wasn’t there. I’m confident everyone’s getting 18.7.3 as many pointed out, it wouldn’t make sense just making it available for iPads and not iPhones.
 
  • Like
Reactions: Diopter and HazeAndHahmahneez
Thought I'd explain what Project Mainline is and how it works for updating Android given the numerous misconceptions about what it is/does I come across.

Before Mainline there was Treble, which was Google's first big attempt to control the fragmentation problem with Android (when OEMs had so much custom modification on their respective devices it was impossible for Google to update directly). This resulted in users having to wait for OEMs to release updates (if they even bothered to).

Mainline is the next step after Treble and took several key aspects of Android and made them into "modules". For example, BlueTooth would be a module. If an exploit was discovered using BlueTooth then Google could update this module directly to users phones without waiting for the OEM.

The picture below shows a simplified view of Android with all the Mainline modules in green. Note that the kernel and vendor specific implementations are not included (or updateable) by Mainline. This should be your first clue that Mainline isn't capable of dealing with all security threats. They can only deal with exploits present in a Mainline module.

Android 10 was the first version to ship with Mainline and it had 13 modules. Android 11 had 22 modules, Android 12 had 27 modules and Android 16 now has over 50 modules. Today Google states that "some" parts of Android are in Mainline modules. They don't say "all", "most" or even "the majority". We don't know how much more of Android will end up in modules, but it's a fair bet there is still much to convert. The idea that Mainline can update your entire device or any security exploits is false. It can update a LOT, and it's gotten better over the years via new modules, but it still has a way to go.

Not all modules are mandatory (most core modules are). Some are optional so even if Google updated a module it might not apply to your device if the OEM decided to use something else (maybe to interact with a specific hardware feature). BlueTooth is one of these optional modules, so if your phone uses custom code for BlueTooth then you're going to wait until that OEM fixes the exploit.

Further, modules are tied to the Android version. Even though Android today has over 50 modules, if you're running an older version then you only get the modules that came with your version of Android (and therefore miss out on security updates to all the newer modules, reverting back to waiting for the OEM to patch your device). A few modules have been back-ported to older versions of Android (the Photo Picker API is an example), but generally newer modules that are tied to the Android version don't come to older versions.

Bottom line: Google has made significant progress in dealing with fragmentation and can update many parts of Android (and this is growing with every release) directly and bypass OEMs. There are also significant parts of Android they are unable to update (like the kernel) which still requires updates the old-fashioned way. They're getting closer to Apple but Apple is still ahead in their ability to get critical updates out to users.
 

Attachments

  • mainline.png
    mainline.png
    25.8 KB · Views: 1
  • Like
Reactions: MacHeritage, sleeptodream, Putte_Kindh and 2 others
TVreporter said:
Somehow my phone updated overnight to 26 — I did not want this and could have sworn I constantly hit cancel on any updates.
Click to expand...
It’s too late for you, but for everyone else wanting to avoid 26: you need to turn off automatic updates completely. In the beginning automatic updaters get the option to upgrade the major version. Eventually (which is now) it becomes the default.
 
  • Like
Reactions: AstonSmith
Will definitely update but only after a few days. Considering recent issues with software quality, don't want to face any major issues after updating and presence of any such issues should be known within the next 24 to 48 hours as more users will be installing the update.
 
  • Like
Reactions: super chimp and mganu
What do you even have to do to be targetted by one of these security vulnerabilities? My parents still regularly use an iPad Air stuck on iOS 12 without any issues.
 
  • Like
Reactions: platinumaqua
xXRainKingXx said:
What do you even have to do to be targetted by one of these security vulnerabilities? My parents still regularly use an iPad Air stuck on iOS 12 without any issues.
Click to expand...
For the average user it's probably fine. If you are a journalist asking too many questions of an authoritarian regime, then you probably want to update.

I do chuckle at the anti iOS 26 brigade, acting like it's a virus or something. It's not that bad... not great looking, but you can change the look to something readable without too much effort. That said Material 3 on my pixel is much better looking than iOS 26
 
  • Haha
Reactions: I7guy
Biro said:
As much as I use CarPlay, I’m fearful of upgrading to 26 - even though I have an iPhone 16 Plus. Honestly, if switching to 26 broke CarPlay on me, I’d march right out and buy Samsung Galaxy phone and use Android Auto. I hope Apple has fixed the problem with 26.2.
Click to expand...
keep it simple, use Bluetooth
 
I7guy said:
Starting from my first iPhone, the iPhone 4, I loved the concept but couldn’t type on it. 16 years later I still can’t type as fast or as accurate as I’ve seen others type. My typing is horrendous and many times when I’m at my desk I hook up a small Bluetooth keyboard.
Click to expand...
Honestly I struggle with the iOS keyboard. I find gboard on android the best for typing, but it seems stymied on iOS so don't bother with it.
 
  • Like
Reactions: gusmula and I7guy
The more features added and used the more security holes created. Why no options but to update software as soon as possible.
 
xXRainKingXx said:
What do you even have to do to be targetted by one of these security vulnerabilities? My parents still regularly use an iPad Air stuck on iOS 12 without any issues.
Click to expand...
The problem are those pesky zero day vulnerabilities that might get clicked due to a phishing email or text message.

Barring that and not relying on the device for sensitive transactions, you will probably be okay.
 
Last edited:
  • Like
Reactions: robvalentine
I7guy said:
Starting from my first iPhone, the iPhone 4, I loved the concept but couldn’t type on it. 16 years later I still can’t type as fast or as accurate as I’ve seen others type. My typing is horrendous and many times when I’m at my desk I hook up a small Bluetooth keyboard.
Click to expand...
Fat finger syndrome - I can relate ;)
 
  • Like
Reactions: I7guy
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back