Apple on Monday released the first updates to its 2026 operating system lineup, and they include several new features that iPhone and Mac users will love, including interface tweaks, new gestures, and Spotlight improvements.
But even more important for the more than a billion devices to get updates is the full list of security patches. The first update following a major OS release is always important for ironing out bugs and resolving performance issues, but there are also nearly 100 security updates for macOS Tahoe and dozens more for iPhone.
None of the vulnerabilities have been reported to have been directly exploited, but several pose serious risks to sensitive information. Among the long list of reforms, these caught our attention:
App Store
- Available for: iPhone
- Impact: An application may be able to collect a user’s fingerprint
- Description: A permissions issue was addressed with additional restrictions.
- CVE-2025-43444: Zhongcheng Li from ByteDance’s IES Red Team
Apple account
- Available for: iPhone 11 and later, iPad Pro 12.9-inch or later, iPad Pro 11-inch or later, iPad Air 3rd generation or later, iPad 8th generation or later, iPad mini 5th generation or later; McTahoe
- Impact: A malicious application may be able to screenshot sensitive information in embedded views
- Description: A privacy issue was addressed with improved checks.
- CVE-2025-43455: Ron Masas of Breakpoint.sh, Pinak Oza
Remote control for apple tv
- Available for: iPhone 11 and later, iPad Pro 12.9-inch or later, iPad Pro 11-inch or later, iPad Air 3rd generation or later, iPad 8th generation or later, iPad mini 5th generation or later
- Impact: A malicious application may be able to track users between installations
- Description: The issue was addressed with improved cache handling.
- CVE-2025-43449: Rosyna Keller from Totally Not Malicious
communication
- Available for: iPhone 11 and later, iPad Pro 12.9-inch or later, iPad Pro 11-inch or later, iPad Air 3rd generation or later, iPad 8th generation or later, iPad mini 5th generation or later; McTahoe
- Impact: An application may be able to access sensitive user data
- Description: A logging issue was addressed with improved data redaction.
- CVE-2025-43426: Wojciech Regula of SecuRing (wojciechregula.blog)
Look for me
- Available for: iPhone 11 and later, iPad Pro 12.9-inch or later, iPad Pro 11-inch or later, iPad Air 3rd generation or later, iPad 8th generation or later, iPad mini 5th generation or later; McTahoe
- Impact: An application may be able to collect a user’s fingerprint
- Description: A privacy issue was addressed by transferring sensitive data.
- CVE-2025-43507: delete
discoverer
- Available for: Mac Tahoe
- Impact: An application may bypass Gatekeeper checks
- Description: A logic issue was addressed with improved validation.
- CVE-2025-43348: Firdaus Saljoki (@malwarezoo) from Jamf
Notes
- Available for: iPhone 11 and later, iPad Pro 12.9-inch or later, iPad Pro 11-inch or later, iPad Air 3rd generation or later, iPad 8th generation or later, iPad mini 5th generation or later; McTahoe
- Impact: An application may be able to access sensitive user data
- Description: A privacy issue was addressed by removing vulnerable code.
- CVE-2025-43389: Kirin (@Pwnrin)
photo
- Available for: iPhone 11 and later, iPad Pro 12.9-inch or later, iPad Pro 11-inch or later, iPad Air 3rd generation or later, iPad 8th generation or later, iPad mini 5th generation or later; McTahoe
- Impact: An application may be able to access sensitive user data
- Description: A permissions issue was addressed with additional sandbox restrictions.
- CVE-2025-43405: Anonymous researcher
Safari
- Available for: iPhone 11 and later, iPad Pro 12.9-inch or later, iPad Pro 11-inch or later, iPad Air 3rd generation or later, iPad 8th generation or later, iPad mini 5th generation or later; McTahoe
- Impact: An application may be able to override certain privacy preferences
- Description: A privacy issue was addressed by removing sensitive data.
- CVE-2025-43502: Anonymous researcher
Protect stolen devices
- Available for: iPhone 11 and later
- Impact: An attacker with physical access to the device may be able to disable stolen device protection
- Description: The issue was addressed by adding additional logic.
- CVE-2025-43422: Will Kane
WebKit
- Available for: iPhone 11 and later, iPad Pro 12.9-inch or later, iPad Pro 11-inch or later, iPad Air 3rd generation or later, iPad 8th generation or later, iPad mini 5th generation or later; McTahoe
- Impact: An application may be able to monitor keystrokes without the user’s permission
- Description: The issue was addressed with improved checks.
- WebKit Bugzilla: 300095
- CVE-2025-43495: Lihan Dilosha Jayasinghe
If you haven’t updated your iPhone, iPad, or Mac yet, do so now. To update your device, go to Settings on your iPhone or System Settings on your Mac, then… general and Software updateAnd follow the prompt.