On Monday Apple released first updates to the 2026 line of operating systemsand they include many new features that iPhone and Mac users will love, including interface tweaks, new gestures, and Spotlight improvements.
But even more important for the billion-plus devices receiving updates is having a full set of security patches. The first update after a major OS release is always important to fix bugs and fix performance issues, but there are also about 100 security updates for macOS Tahoe and dozens more for the iPhone.
None of the vulnerabilities are reported to have been exploited in the real world, but some of them pose a serious threat to sensitive information. Among the long list of fixes, these caught our attention.
App Store
- Available on: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, iPad mini 5th generation and later.
- Impact. The application can take the user's fingerprints.
- Description. The permitting issue was resolved by introducing additional restrictions.
- CVE-2025-43444: Zhongcheng Li of ByteDance's IES red team.
Apple account
- Available on: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, iPad mini 5th generation and later; macOS Tahoe
- Impact. A malicious app could take a screenshot of sensitive information in embedded views.
- Description. The privacy issue has been addressed through improved checks.
- CVE-2025-43455: Ron Masas of Breakpoint.sh, Pinak Oza
Apple TV remote
- Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, iPad mini 5th generation and later.
- Impact. A malicious application can track users between installations.
- Description. The issue was addressed with improved cache handling.
- CVE-2025-43449: Rosina Keller of Totally Not Malicious Software
Contacts
- Available on: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, iPad mini 5th generation and later; macOS Tahoe
- Impact. The application may have access to sensitive user data.
- Description. A logging issue has been addressed with improved data editing.
- CVE-2025-43426: Wojciech Regula of SecuRing (wojciechregula.blog)
Find mine
- Available on: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, iPad mini 5th generation and later; macOS Tahoe
- Impact. The application can take the user's fingerprints.
- Description. Privacy problem solved by moving sensitive data.
- CVE-2025-43507: Remove.
Seeker
- Available for: macOS Tahoe
- Impact. The application can bypass Gatekeeper checks.
- Description. The logic issue has been resolved with improved validation.
- CVE-2025-43348: Ferdos Saljuki (@malwarezoo) of Jamf
Notes
- Available on: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, iPad mini 5th generation and later; macOS Tahoe
- Impact. The application may have access to sensitive user data.
- Description. The privacy issue has been addressed by removing the vulnerable code.
- CVE-2025-43389: Kirin (@Pwnrin)
Photos
- Available on: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, iPad mini 5th generation and later; macOS Tahoe
- Impact. The application may have access to the user's confidential data.
- Description. The permissions issue has been addressed with additional sandbox restrictions.
- CVE-2025-43405: ​​Anonymous researcher.
Safari
- Available on: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, iPad mini 5th generation and later; macOS Tahoe
- Impact. The app may bypass certain privacy settings.
- Description. Privacy issue resolved by removing sensitive data.
- CVE-2025-43502: Anonymous researcher.
Stolen Device Protection
- Available for: iPhone 11 and later.
- Impact. An attacker with physical access to a device can disable protection against stolen devices.
- Description. The problem was resolved by adding additional logic.
- CVE-2025-43422: Will Kane
Webkit
- Available on: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, iPad mini 5th generation and later; macOS Tahoe
- Impact. An application can track keystrokes without the user's permission.
- Description. This issue has been resolved with improved checks.
- WebKit Error: 300095
- CVE-2025-43495: Lehan Dilusha Jayasinghe
If you haven't updated your iPhone, iPad, or Mac yet, do it now. To update your device, go to Settings on iPhone or System Preferences on Mac, then General And Software updateand follow the prompts.
