iOS 26.2 Update: Apple has released important security fixes for iPhone and iPad users with its latest iOS 26.2 update. The company has admitted that many such vulnerabilities were found in recent devices, taking advantage of which an app could access personal data, crash the phone and, in certain circumstances, even gain control over the entire system. Apple has shared information about all these flaws on its support website.
Which devices were affected?
According to Apple, these security issues were present in all iPhone 11 and newer models. Apart from this, many iPad series were also affected by this, which include iPad Pro from third generation onwards, iPad Air from third generation, iPad from eighth generation and iPad mini from fifth generation.
Threats and privacy risks related to App Store
A serious flaw in the update was related to the App Store, where a mistake in the permissions given to apps could have allowed access to sensitive tokens related to payments. Apple has fixed this problem by imposing strict restrictions.
Apart from this, deficiencies related to permissions and logging were also found in system features like Icons, Messages, MediaExperience, Screen Time, Telephony and Photos. In some cases, apps could have accessed a user’s personal data, Safari browsing history, or information from other apps installed on the phone.
Serious kernel and system level vulnerabilities
Apple has also fixed a dangerous kernel flaw that could have allowed a malicious app to gain root access. This problem was caused by a technical error called integer overflow. This has now been resolved by adopting the 64-bit timestamp system.
Additionally, low-level components such as Foundation, Multi-Touch, libarchive, and AppleJPEG also had memory corruption issues that could cause app crashes or abnormal behavior when processing dangerous files or data.
FaceTime and calling risks
Many important improvements have also been made in FaceTime and Calling Framework. Previously, the password field could be visible during remote device control in some situations. Due to another flaw, FaceTime caller ID could be shown as fake. Apple says that both these problems have been eliminated through better state management.
Flaws and targeted attacks found in WebKit
Most of the improvements in iOS 26.2 are related to WebKit, which is the main engine of the Safari browser. Apple had warned that specially designed websites could crash the phone, damage the memory, or in severe cases, even run arbitrary code.
The company also acknowledged that at least two WebKit vulnerabilities were previously exploited in highly advanced targeted attacks against select users on iOS versions older than 26. Now all these flaws have been patched.
Problems related to open source software
Some security problems came from open source software that Apple uses in its systems. These include tools like curl and libarchive. Apple said that these flaws were given CVE ID by a third party and its software was also included in the affected projects.
Also read:
Take special care of your smartphone in winter, otherwise it can cause big loss, know the complete information.
