Description:
Apple has released iOS 26.5.2, iPadOS 26.5.2, macOS Tahoe 26.5.2 and Safari 26.5.2 to fix the vulnerabilities in various Apple devices. The list of vulnerabilities information can be found at:
https://support.apple.com/en-hk/127594
https://support.apple.com/en-hk/127595
https://support.apple.com/en-hk/127685
Affected Systems:
- iPhone 11 and later
- iPad 8th generation and later, Air 3rd generation and later, mini 5th generation and later, Pro 11-inch 1st generation and later, Pro 12.9-inch 3rd generation and later
- macOS Tahoe prior to version 26.5.2
- Safari prior to version 26.5.2
Impact:
Depending on the vulnerabilities exploited, a successful attack could lead to denial of service, information disclosure, security restriction bypass or tampering on an affected system.
Recommendation:
Patches for affected products are available. Users of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.
The updates can be obtained through the auto-update mechanism. Users of affected systems should follow the recommendations provided by the vendor and take immediate actions to mitigate the risk.
More Information:
- https://support.apple.com/en-hk/127594
- https://support.apple.com/en-hk/127595
- https://support.apple.com/en-hk/127685
- https://www.hkcert.org/security-bulletin/apple-products-multiple-vulnerabilities_20260706
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28979
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39868
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39872
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43663
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43676
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43699 (to CVE-2026-43701)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43703 (to CVE-2026-43709)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43712 (to CVE-2026-43713)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43715 (to CVE-2026-43718)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43720 (to CVE-2026-43722)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43724 (to CVE-2026-43727)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43731 (to CVE-2026-43732)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43734 (to CVE-2026-43735)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43740
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43742 (to CVE-2026-43743)
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43745 (to CVE-2026-43746)