On Tuesday, Apple launched iOS 26.4, featuring important security updates that tackle over 35 vulnerabilities. This upgrade is vital for users, as it includes solutions for several significant issues that could jeopardize device security.
### Key Vulnerabilities Addressed
1. **Protection Bypass for Stolen Devices (CVE-2026-28895)**: This flaw permitted individuals with physical possession of an iPhone to bypass biometrically secured apps simply by using the device’s passcode, even when Stolen Device Protection was activated. This feature is intended to make a stolen iPhone ineffective, even with the correct passcode. Apple has now introduced enhanced checks to rectify this problem.
2. **Vulnerability in Keychain Access (CVE-2026-28864)**: A local attacker could access Keychain items due to inadequate permissions verification. The Keychain saves sensitive data like passwords and encryption keys, rendering this a significant local privilege escalation threat.
3. **Issue with Mail Privacy Settings (CVE-2026-20692)**: This vulnerability indicated that the “Hide IP Address” and “Block All Remote Content” functionalities in Mail may not have operated properly, potentially putting users’ IP addresses at risk and permitting remote content to load, disregarding user preferences.
4. **Printing-Related Sandbox Escape (CVE-2026-20688)**: This problem enabled an app to escape from its sandbox through a defect in the Printing framework, which is part of AirPrint. Escaping the sandbox is critical, as it can lead to further exploitation.
5. **WebKit Vulnerabilities**: The update resolved seven CVEs connected to WebKit, including a Same Origin Policy bypass and a Content Security Policy bypass. One alarming issue allowed a malicious site to process restricted web content beyond the sandbox.
### Conclusion
Although none of these vulnerabilities were indicated as actively exploited, their seriousness demands prompt action. Users are strongly encouraged to update to iOS 26.4 to safeguard their devices against these potential threats. For a comprehensive list of patches, users can check Apple’s security releases page.