About the security content of iOS 26 and iPadOS 26

This document describes the security content of iOS 26 and iPadOS 26.

About Apple security updates

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

iOS 26 and iPadOS 26

Released September 15, 2025

Apple Neural Engine

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to cause unexpected system termination

Description: An out-of-bounds access issue was addressed with improved bounds checking.

CVE-2025-43344: an anonymous researcher

AppleMobileFileIntegrity

Impact: An app may be able to access sensitive user data

Description: A permissions issue was addressed with additional restrictions.

CVE-2025-43317: Mickey Jin (@patch1t)

Audio

Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory

Description: An out-of-bounds access issue was addressed with improved bounds checking.

CVE-2025-43346: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative

Bluetooth

Impact: An app may be able to access sensitive user data

Description: A logging issue was addressed with improved data redaction.

CVE-2025-43354: Csaba Fitzl (@theevilbit) of Kandji

CVE-2025-43303: Csaba Fitzl (@theevilbit) of Kandji

Call History

Impact: An app may be able to fingerprint the user

Description: This issue was addressed with improved redaction of sensitive information.

CVE-2025-43357: Rosyna Keller of Totally Not Malicious Software, Guilherme Rambo of Best Buddy Apps (rambo.codes)

CoreAudio

Impact: Processing a maliciously crafted video file may lead to unexpected app termination

Description: An out-of-bounds write issue was addressed with improved input validation.

CVE-2025-43349: @zlluny working with Trend Micro Zero Day Initiative

CoreMedia

Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory

Description: The issue was addressed with improved input validation.

CVE-2025-43372: 이동하 (Lee Dong Ha) of SSA Lab

IOHIDFamily

Impact: An app may be able to cause unexpected system termination

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2025-43302: Keisuke Hosoda

IOKit

Impact: An app may be able to access sensitive user data

Description: An authorization issue was addressed with improved state management.

CVE-2025-31255: Csaba Fitzl (@theevilbit) of Kandji

Kernel

Impact: A UDP server socket bound to a local interface may become bound to all interfaces

Description: A logic issue was addressed with improved state management.

CVE-2025-43359: Viktor Oreshkin

LaunchServices

Impact: An app may be able to monitor keystrokes without user permission

Description: The issue was addressed with improved checks.

CVE-2025-43362: Philipp Baldauf

MobileStorageMounter

Impact: An app may be able to cause a denial-of-service

Description: A type confusion issue was addressed with improved memory handling.

CVE-2025-43355: Dawuge of Shuffle Team

Notes

Impact: An attacker with physical access to an unlocked device may be able to view an image in the most recently viewed locked note

Description: The issue was addressed with improved handling of caches.

CVE-2025-43203: Tom Brzezinski

Safari

Impact: Processing maliciously crafted web content may lead to unexpected URL redirection

Description: This issue was addressed with improved URL validation.

CVE-2025-31254: Evan Waelde

Sandbox

Impact: An app may be able to break out of its sandbox

Description: A permissions issue was addressed with additional restrictions.

CVE-2025-43329: an anonymous researcher

Shortcuts

Impact: A shortcut may be able to bypass sandbox restrictions

Description: A permissions issue was addressed with additional sandbox restrictions.

CVE-2025-43358: 정답이 아닌 해답

Siri

Impact: Private Browsing tabs may be accessed without authentication

Description: This issue was addressed through improved state management.

CVE-2025-30468: Richard Hyunho Im (@richeeta)

Spell Check

Impact: An app may be able to access sensitive user data

Description: A parsing issue in the handling of directory paths was addressed with improved path validation.

CVE-2025-43190: Noah Gregory (wts.dev)

SQLite

Impact: Processing a file may lead to memory corruption

Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.

CVE-2025-6965

System

Impact: An input validation issue was addressed

Description: This issue was addressed by removing the vulnerable code.

CVE-2025-43347: JZ, Seo Hyun-gyu (@wh1te4ever), Luke Roberts (@rookuu)

Text Input

Impact: Keyboard suggestions may display sensitive information on the lock screen

Description: This issue was addressed by restricting options offered on a locked device.

CVE-2025-24133: Joey Hewitt, an anonymous researcher, Thomas Salomon, Sufiyan Gouri (TU Darmstadt), Phil Scott (@MrPeriPeri) & Richard Hyunho Im (@richeeta), Mark Bowers, Dylan Rollins, Arthur Baudoin, Andr.Ess

WebKit

Impact: A website may be able to access sensor information without user consent

Description: The issue was addressed with improved handling of caches.

WebKit Bugzilla: 296153

CVE-2025-43356: Jaydev Ahire

WebKit

Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 294550

CVE-2025-43272: Big Bear

WebKit

Impact: Processing maliciously crafted web content may lead to an unexpected process crash

Description: The issue was addressed with improved memory handling.

WebKit Bugzilla: 296490

CVE-2025-43343: an anonymous researcher

WebKit

Impact: Processing maliciously crafted web content may lead to an unexpected process crash

Description: A correctness issue was addressed with improved checks.

WebKit Bugzilla: 296042

CVE-2025-43342: an anonymous researcher

WebKit Process Model

Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash

Description: A use-after-free issue was addressed with improved memory management.

WebKit Bugzilla: 296276

CVE-2025-43368: Pawel Wylecial of REDTEAM.PL working with Trend Micro Zero Day Initiative

Additional recognition

Accessibility

We would like to acknowledge Abhay Kailasia (@abhay_kailasia) from C-DAC Thiruvananthapuram India, Himanshu Bharti @Xpl0itme From Khatima for their assistance.

Accounts

We would like to acknowledge Lehan Dilusha Jayasingha, 要乐奈 for their assistance.

AuthKit

We would like to acknowledge Rosyna Keller of Totally Not Malicious Software for their assistance.

Calendar

We would like to acknowledge Keisuke Chinone (Iroiro) for their assistance.

Camera

We would like to acknowledge Descartes, Yusuf Kelany, an anonymous researcher for their assistance.

CFNetwork

We would like to acknowledge Christian Kohlschütter for their assistance.

CloudKit

We would like to acknowledge Yinyi Wu (@_3ndy1) from Dawn Security Lab of JD.com, Inc for their assistance.

Control Center

We would like to acknowledge Damitha Gunawardena for their assistance.

CoreMedia

We would like to acknowledge Noah Gregory (wts.dev) for their assistance.

darwinOS

We would like to acknowledge Nathaniel Oh (@calysteon) for their assistance.

Device Recovery

We would like to acknowledge an anonymous researcher for their assistance.

Files

We would like to acknowledge Tyler Montgomery for their assistance.

Foundation

We would like to acknowledge Csaba Fitzl (@theevilbit) of Kandji for their assistance.

iCloud Photo Library

We would like to acknowledge Dawuge of Shuffle Team, Hikerell (Loadshine Lab), Joshua Jones, YingQi Shi (@Mas0nShi) and ChengQiang Jin (@白斩鸡) of DBAppSecurity's WeBin lab for their assistance.

ImageIO

We would like to acknowledge DongJun Kim (@smlijun) and JongSeong Kim (@nevul37) in Enki WhiteHat for their assistance.

IOGPUFamily

We would like to acknowledge Wang Yu of Cyberserval for their assistance.

Kernel

We would like to acknowledge Yepeng Pan, Prof. Dr. Christian Rossow for their assistance.

libc

We would like to acknowledge Nathaniel Oh (@calysteon) for their assistance.

libpthread

We would like to acknowledge Nathaniel Oh (@calysteon) for their assistance.

libxml2

We would like to acknowledge Nathaniel Oh (@calysteon) for their assistance.

Lockdown Mode

We would like to acknowledge Jonathan Thach, Pyrophoria and Ethan Day, kado for their assistance.

mDNSResponder

We would like to acknowledge Barrett Lyon for their assistance.

MediaRemote

We would like to acknowledge Dora Orak for their assistance.

MobileBackup

We would like to acknowledge Dragon Fruit Security (Davis Dai & ORAC落云 & Frank Du) for their assistance.

Networking

We would like to acknowledge Csaba Fitzl (@theevilbit) of Kandji for their assistance.

Notes

We would like to acknowledge Atul R V for their assistance.

Passwords

We would like to acknowledge Christian Kohlschütter for their assistance.

Phone

We would like to acknowledge Dalibor Milanovic for their assistance.

Safari

We would like to acknowledge Ameen Basha M K, Chi Yuan Chang of ZUSO ART and taikosoup, Dalibor Milanovic, HitmanAlharbi (@HitmanF15), Jake Derouin (jakederouin.com), Jaydev Ahire, Kenneth Chew for their assistance.

Sandbox Profiles

We would like to acknowledge Rosyna Keller of Totally Not Malicious Software for their assistance.

Security

We would like to acknowledge Jatayu Holznagel (@jholznagel), THANSEER KP for their assistance.

Setup Assistant

We would like to acknowledge Edwin R. for their assistance.

Siri

We would like to acknowledge Abhay Kailasia (@abhay_kailasia) from Safran Mumbai India, Amandeep Singh Banga, Andrew Goldberg of The McCombs School of Business, The University of Texas at Austin (linkedin.com/andrew-goldberg-/), Dalibor Milanovic, M. Aman Shahid (@amansmughal) for their assistance.

Siri Suggestions

We would like to acknowledge Abhay Kailasia (@abhay_kailasia) from C-DAC Thiruvananthapuram India for their assistance.

Spotlight

We would like to acknowledge Christian Scalese, Jake Derouin (jakederouin.com) for their assistance.

Status Bar

We would like to acknowledge Abhay Kailasia (@abhay_kailasia) from Safran Mumbai India, Dalibor Milanovic, Jonathan Thach for their assistance.

Transparency

We would like to acknowledge Wojciech Regula of SecuRing (wojciechregula.blog), 要乐奈 for their assistance.

User Management

We would like to acknowledge Muhaned Almoghira for their assistance.

WebKit

We would like to acknowledge Bob Lord, Matthew Liang, Mike Cardwell of grepular.com, Stanley Lee Linton for their assistance.

Wi-Fi

We would like to acknowledge Aobo Wang (@M4x_1997), Csaba Fitzl (@theevilbit) of Kandji, Noah Gregory (wts.dev), Wojciech Regula of SecuRing (wojciechregula.blog), an anonymous researcher for their assistance.

Widgets

We would like to acknowledge Abhay Kailasia (@abhay_kailasia) from Safran Mumbai India for their assistance.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: September 15, 2025