Apple has pushed iOS 26.5.2, iPadOS 26.5.2, and macOS 26.5.2 to users, closing more than 25 security vulnerabilities across iPhone, iPad, and Mac.
The updates address multiple kernel-level flaws and several WebKit vulnerabilities.
WebKit is the browser engine that powers Safari and underlies many third-party apps, meaning the weaknesses could have exposed users to crashes or data leaks during ordinary browsing sessions.
Why Delaying This Update Carries More Risk Than Usual
Apple confirmed that none of the 25-plus vulnerabilities were actively exploited before the patches shipped. That window may narrow now that Apple has published the full security documentation.
Researchers and bad actors alike can read those details, making unpatched devices more visible targets than they were a week ago.
The fixes themselves were pulled from code already being tested in the iOS 26.6 and macOS Tahoe 26.6 developer betas.
Apple backported them into the 26.5.2 release so users on the current stable version could get the patches without waiting for the next major update cycle.
What to Do Now
On iPhone or iPad, the update is available in Settings > General > Software Update. On a Mac, the same path goes through System Settings > General.
The download typically takes a few minutes on a standard home connection, and most devices will reboot once before returning to normal use.
With more than 25 patched vulnerabilities listed in a single release, this update carries a heavier security load than a typical point release. If you have automatic updates enabled, you may already have the software installed without realizing it.
