Update Now: iOS 26.3 and macOS Tahoe 26.3 Fix Dozens of Security Vulnerabilities

[MacRumors]

Apple today released iOS 26.3, iPadOS 26.3, and macOS Tahoe 26.3, all of which largely focus on bug fixes and security improvements. Apple says that the updates address dozens of vulnerabilities, including one that is known to have been actively exploited.

That vulnerability in the dyld dynamic link editor could allow for the execution of arbitrary code, and Apple says the bug may have been exploited in an "extremely sophisticated attack" against targeted individuals on versions of iOS before iOS 26.

An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26.

Apple says the memory corruption issue was fixed with improved state management.

There are numerous other vulnerabilities that were also fixed across not only iOS, iPadOS, and macOS, but also Apple's other platforms that saw updates released today.

Now that these vulnerabilities have been publicized by Apple, even those that were not exploited before might be taken advantage of now. Apple recommends all users update their devices to iOS 26.3, iPadOS 26.3, and macOS Tahoe 26.3 as soon as possible.

Article Link: Update Now: iOS 26.3 and macOS Tahoe 26.3 Fix Dozens of Security Vulnerabilities

 

[MacMan988]

Which means we've been using Macs with dozens of security issues

 

[dannyyankou]

I know people get bored with minor updates, but I think we take for granted sometimes the security updates that iOS gets. They do a good job preventing cyber attacks.

 

[dannyyankou]

Which means we've been using Macs with dozens of security issues

Which usually isn’t a big deal because these vulnerabilities are often patched before anyone knows anything about them. But this update fixes one that was being actively exploited. It’s a good idea to update.

 

[goonie4life9]

There is no Mac update showing as available.

 

[Howard2k]

Which means we've been using Macs with dozens of security issues

That's always the case. There are security issues in 26.3 too.

 

[HouseLannister]

There is also an iOS 18.7.5 release that fixes these same vulnerabilities, but once again Apple has chosen to only give it to devices that cannot run iOS 26.

 

[rymc02]

Phone App is bad

 

[Howard2k]

Wonder if this is related at all.

New 'ZeroDayRAT' Spyware Kit Enables Total Compromise of iOS, Android Devices

ZeroDayRAT mobile spyware provides full remote access to Android and iOS with live camera feeds, key logging, bank and crypto theft and more.

www.securityweek.com

 

[trusso]

There is also an iOS 18.7.5 release that fixes these same vulnerabilities, but once again Apple has chosen to only give it to devices that cannot run iOS 26.

Shameful that Apple is doing this. It's obvious they don't actually care about security if they won't provide updates to iOS 18 users who still want to stay on iOS 18. Despicable.

 

[Populus]

Which means we've been using Macs with dozens of security issues

Yeah, and probably this 26.3 also has its fair share of vulnerabilities as well, some of them being exploited.

When I updated to 26.2, it apparently had many security fixes, but I updated because it was efficient and showed a good performance. The security fixes were a welcomed extra, but as we know, there were more vulnerabilities to be patched. Same with 26.2.1, and the same with 26.3

What I mean is, I’ll try not to be too long without updating (not more than half a year ideally) but I’ll do it as long as performance and battery life are not taking a big hit.

If iOS 26.3 shows good performance and no efficiency issues (battery drain) I’ll probably update. But I’m not blindly updating every month, playing the software lottery.

 

[goonie4life9]

Shameful that Apple is doing this. It's obvious they don't actually care about security if they won't provide updates to iOS 18 users who still want to stay on iOS 18. Despicable.

Conversation inside Apple: “We have provided customers with unrivaled access to security updates for the best-in-class, privacy protecting devices. The updates available in iOS 26.3 are true game changers for eligible devices that we at Apple think customers will love. If customers don’t want to take their eligible devices to a whole new level with the available updates, they are free to do so. Apple is fully in support of user choice.”

 

[m1maverick]

Which means we've been using Macs with dozens of security issues

You still are.

 

[kotaKat]

Hmmmm… I bet they’ll come out with 26.4 next.

Subscribe to my newsletter for more!

 

[klasma]

They do a good job preventing cyber attacks.

We have no way to really judge that.

 

[Gengar]

The update was like 1.9 GB on my iPhone 17 Pro Max and 1.68 GB on my iPhone Air, but why is it 10.33 GB on the iPad mini? Must be a LOT of new features or bug fixes...

 

[name99]

That's always the case. There are security issues in 26.3 too.

Obviously this is true.
The more interesting question is whether there's a step change in 26.3 and going fwd (26.4 and especially 27).

It's still unclear to me the extent to which AI coding tools can ingest a large codebase then produce useful results when asked "find the bugs" (or more targeted statements like "find the race conditions" and "find the security issues"). But my guess is that these tools actually can do this, and do it fairly well (and this success already is a large part of why companies are willing to bet $600B on AI capex in 2026).

This is somewhat different from "fix the bugs", which is also interesting and important; but my guess is that every large SW company will mostly be spending 2026 figuring out, engineer by engineer and team by team how best to take advantage of "find the bugs" and "fix the bugs" and that (planned or not!) the 2027 and 2028 crop of OS's will be substantially Snow Leopard-like, just huge numbers of fixes to everything, with limited new features (except of course AI features).

 

[CoachRocks]

Dozens???

 

[Danilamak]

Damn, this is nuts, I'm on 18 and 3 minor security updates behind, because Apple need my phone to be less usable to buy new

 

[jdawgnoonan]

I can say, I have been using the public beta of 26.3 since it was released and multiple people in my circle have lots of issues in CarPlay on 26.2 that I have not had on 26.3. This includes my wife who uses the same vehicles I use.

 

[ifxf]

Apple is now promoting security updates to get people to update to 26.

 

[mielie]

I imagine updates like this are a lot more popular now that we have the 'Liquid Glass' UI on Tahoe. I'm sure I'm not the only one who updates their machine at the earlier opportunity in the desperate hope they've seen sense and gone back to their old UI!

 

[steve333]

Will it fix the disappearing tabs?
Sure hope so

 

[Allen_Wentz]

X.3 is usually when I either go to the new OS or decide to skip that OS entirely. I am waiting for reports on stability.

 

[Allen_Wentz]

Shameful that Apple is doing this. It's obvious they don't actually care about security if they won't provide updates to iOS 18 users who still want to stay on iOS 18. Despicable.

Nonsense. My experience has been that Apple does a very good job of security updating Macs for ~at least 7 years. Not perfect, but well done and very well intended.