Apple has released iOS 26.5.2 for iPhone, a security-focused update that patches more than 25 vulnerabilities across the operating system. While the update doesn’t introduce any new features, it addresses flaws affecting some of the software that iPhone users interact with every day, prompting Apple to recommend the update for all supported devices.
The company also released security updates for iPadOS 26.5.2, macOS Tahoe 26.5.2, watchOS 26.5.2, tvOS 26.5.2, and visionOS 26.5.2, bringing similar fixes across its ecosystem.
Apple’s security documentation lists fixes covering the kernel, WebKit, libxml2, ImageIO, Model I/O, PackageKit, and several other system components. Together, these parts of iOS handle everything from loading web pages and processing images to managing applications and the operating system itself. A vulnerability in any of these components could potentially allow an attacker to crash an app, access sensitive information, or execute malicious code under specific conditions.
Several of the patches focus on WebKit, the browser engine that powers Safari as well as every browser on the iPhone, including Chrome, Firefox, and Edge. Apple addressed multiple memory corruption and validation issues that could allow specially crafted websites to trigger unexpected behavior or compromise affected devices. The company said improved input validation, memory handling, and bounds checking were implemented to close these vulnerabilities.
The kernel, which serves as the core of the operating system, also received multiple security fixes. According to Apple, the update resolves issues that could allow applications to elevate privileges, leak sensitive information, or cause unexpected system behavior. Other patches target system frameworks responsible for processing media files, handling package installations, managing application permissions, and communicating with external accessories.
Apple’s advisory notes that it is not aware of any of the vulnerabilities being actively exploited. That doesn’t necessarily mean users should delay updating. Once security advisories are published, researchers and malicious actors alike gain insight into what was fixed. Devices that remain unpatched become easier targets as attackers attempt to reverse-engineer the vulnerabilities from the latest software.
The release also illustrates Apple’s increasingly frequent use of standalone security updates. Rather than waiting for the next feature release, the company has continued shipping dedicated patches whenever a significant number of fixes are ready. For users, that means updates like iOS 26.5.2 may appear relatively small despite containing dozens of security improvements behind the scenes.
Users can install iOS 26.5.2 by heading to Settings > General > Software Update. Apple recommends backing up important data before installing any software update, although the process typically takes only a few minutes depending on the device and internet connection.
For many users, iOS 26.5.2 won’t look any different after installation. There are no redesigned apps, new Apple Intelligence features, or interface changes waiting after the reboot. What it does provide is considerably harder to see: more than 25 security fixes designed to keep iPhones protected against vulnerabilities before they can be exploited.