PSA: Dozens of critical security updates are waiting for your iPhone and Mac

Apple released the first updates to its 2026 operating system lineup on Monday, and they include plenty of new features that iPhone and Mac users will love, including interface tweaks, new gestures, and Spotlight improvements.

But even more important for the billions of devices receiving updates is a comprehensive suite of security fixes. The first update following a major operating system release is always important for squashing bugs and fixing performance issues, but there are also nearly 100 security updates for macOS Tahoe and a few dozen more for the iPhone.

None of the vulnerabilities have been exploited in the wild, but several of them pose critical risks to sensitive information. Among the long list of fixes, these caught our attention.

App store

• Available for: iPhone
• Impact: an application may be able to take the user’s fingerprints
• Description: A permissions issue has been resolved with additional restrictions.
• CVE-2025-43444: Zhongcheng Li of ByteDance IES Red Team

Apple Account

• Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later; macOS Tahoe
• Impact: A malicious application may be able to take a screenshot of sensitive information in embedded views.
• Description: A privacy issue has been addressed with enhanced controls.
• CVE-2025-43455: Ron Masas from BreakPoint.SH, Pinak Oza

Apple TV Remote

• Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
• Impact: A malicious application may be able to track users between installations
• Description: The issue was resolved with improved cache management.
• CVE-2025-43449: Rosyna Keller from Completely Non-Malicious Software

Contacts

• Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later; macOS Tahoe
• Impact: An application may be able to access sensitive user data
• Description: A logging issue was resolved with improved data redaction.
• CVE-2025-43426: Wojciech Regula of SecuRing (wojciechregula.blog)

Find my

• Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later; macOS Tahoe
• Impact: an application may be able to take the user’s fingerprints
• Description: A privacy issue was resolved by moving sensitive data.
• CVE-2025-43507: iisBuri

Researcher

• Available for: macOS Tahoe
• Impact: An application can bypass Gatekeeper controls
• Description: A logic issue was resolved with improved validation.
• CVE-2025-43348: Ferdous Saljooki (@malwarezoo) from Jamf

Remarks

• Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later; macOS Tahoe
• Impact: An application may be able to access sensitive user data
• Description: A privacy issue was resolved by removing vulnerable code.
• CVE-2025-43389: Kirin (@Pwnrin)

Photos

• Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later; macOS Tahoe
• Impact: An application may be able to access sensitive user data
• Description: A permissions issue has been resolved with additional sandbox restrictions.
• CVE-2025-43405: ​​an anonymous researcher

Safari

• Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later; macOS Tahoe
• Impact: An application may be able to bypass certain privacy preferences
• Description: A privacy issue was resolved by removing sensitive data.
• CVE-2025-43502: an anonymous researcher

Protecting Stolen Devices

• Available for: iPhone 11 and later
• Impact: An attacker with physical access to a device may be able to disable protection on stolen devices.
• Description: The issue was resolved by adding additional logic.
• CVE-2025-43422: Will Caine

Webkit

• Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later; macOS Tahoe
• Impact: An application may be able to monitor keystrokes without user permission
• Description: The issue has been resolved with enhanced checks.
• WebKit Bugzilla: 300095
• CVE-2025-43495: Lehan Dilusha Jayasinghe

If you haven’t yet updated your iPhone, iPad, or Mac, do so now. To update your device, go to Settings on iPhone or System Settings on Mac, then General And Software updateand follow the prompt.