Update Now: iOS 26.3 and macOS Tahoe 26.3 Fix Dozens of Security Vulnerabilities

[mcswell]

Sigh...iOS 18.something on an iPhone 12 Pro, because I don't want Liquid Glass.

 

[Biro]

Apple is now promoting security updates to get people to update to 26.

Apple is being really petty these days. That’s why I’m running a Pixel 10 Pro alongside my iPhone 16 Plus. The jury is still out on which I’ll stick with at the end of the year.

 

[steve333]

X still getting the memory usage error message if left open for an hour or so.
Pathetic

 

[trusso]

Nonsense. My experience has been that Apple does a very good job of security updating Macs for ~at least 7 years. Not perfect, but well done and very well intended.

Did you actually read and understand my original post?

 

[Black_Mage]

Yikes. Ok I’m glad I decided to install 26.3 today.

 

[B4U]

Apple is being really petty these days. That’s why I’m running a Pixel 10 Pro alongside my iPhone 16 Plus. The jury is still out on which I’ll stick with at the end of the year.

I am in a similar situation.
The Pixel 10 Pro's main drawback is the battery life comparing to my 17 Pro.

 

[Biro]

I am in a similar situation.
The Pixel 10 Pro's main drawback is the battery life comparing to my 17 Pro.

An extra Amazon coupon on top of the sale price for the Pixel 10 Pro caused me to pull the trigger. So far, battery life hasn’t been an issue for me. Perhaps at the end of the year I’ll trade in the 10 Pro on an 11 Pro XL.

 

[FatLouie]

There is also an iOS 18.7.5 release that fixes these same vulnerabilities, but once again Apple has chosen to only give it to devices that cannot run iOS 26.

Which is why I replaced my 15+ with an OPPO Find X9 Pro. I am currently looking for an Android-based tablet to replace my iPad Pro, which is stuck on 18.7.3.

 

[segfaultdotorg]

Corporate policy says we can only update on Patch Tuesday... Can you guess where I work?

 

[Westside guy]

Also available: macOS Sonoma 14.8.4 - to patch the same vulnerabilities, I'd assume.

 

[johnsawyercjs]

It's still unclear to me the extent to which AI coding tools can ingest a large codebase then produce useful results when asked "find the bugs" (or more targeted statements like "find the race conditions" and "find the security issues"). But my guess is that these tools actually can do this, and do it fairly well (and this success already is a large part of why companies are willing to bet $600B on AI capex in 2026).

This is somewhat different from "fix the bugs", which is also interesting and important; but my guess is that every large SW company will mostly be spending 2026 figuring out, engineer by engineer and team by team how best to take advantage of "find the bugs" and "fix the bugs"...

My guess is that while AI coding tools will be useful in finding some types of bugs and vulnerabilities in operating systems, the real bug finders on the more prosaic level of average user-visible bugs will still have to be people who use these systems, reporting things that we've always reported on (though with varying responses from Apple), like poor UI implementation, apps not working together that are supposed to, etc. These are things that an AI is less likely to catch since an AI is unlikely to use an OS in a fully human-like real-world fashion, and be "bothered" by the same things we are. AI chatbots still get so many things wrong, and miss so many obvious things, that I can't help but assume the same is at least partly true of other forms of AI that can analyze operating system code.

 

[dropadrop]

We have no way to really judge that.

Some of us work in infosec / incident response and would object. This could be judged in multiple ways, the most simple being how frequently up to date macs end up being seriously compromised compared to Windows.

Yes, Apple has vulnerabilities but they are patched pretty quickly. When I look at the millions of (business customer) devices I see macs are updated a lot faster then Windows or Linux.

Not claiming they are perfect or that they could not do better… Just that there are many ways the security of a platform can be judged.

 

[Your Royal Highness]

They might have finally ran the entire code base of macOS through Claude with this number of improvements.

 

[svish]

Good to hear that the security issues have been fixed. Will update all my devices in the coming days.

 

[Séimhe]

… Just that there are many ways the security of a platform can be judged.

The biggest way to judge is whether or not they distribute the patches in the first place. When it comes to iOS, they are withholding security updates from users opting out of iOS26.

 

[dropadrop]

The biggest way to judge is whether or not they distribute the patches in the first place. When it comes to iOS, they are withholding security updates from users opting out of iOS26.

Yes and no. There is an update available, you just don’t want to install it.

I get what you are saying and I’m not saying you are wrong. At the same time pushing everyone to the new OS has always been Apples strategy. I believe this is less overhead for them, but also forces app makers to have updates available as soon as the new OS is out.

 

[bice]

Macos 15.7.4 was offered in parallel and seems to be the same security patches?

A funny/sneaky behaviour in update was that even though there is a separate button to update the existing 15.7.3 OS, clicking "Update now" had the upgrade to 26.3 as preselected. I haven't seen that before, if clicking "update now" on the existing OS it has not tried to run the upgrade unless specifically clicking the upgrade button

 

[pier]

There is also an iOS 18.7.5 release that fixes these same vulnerabilities, but once again Apple has chosen to only give it to devices that cannot run iOS 26.

Still using iOS 18 to avoid liquid glass and now I'm forced to iOS 26 to access a fix to a critical security flaw.

Apple must be really desperate to hit some KPIs if they're doing this crap.