iOS 26.5.2 includes 29 security patches that address vulnerabilities across multiple system components.
The update targets the GPU family, kernel, libxslt, Web extensions, WebKit, WebKit Canvas, WebKit Storage, and WebRTC modules.
A race condition in the GPU family has been resolved by improving state handling, which prevents unexpected system termination.
Kernel issues have been mitigated with enhanced input sanitization and validation, stopping potential memory corruption and termination.
libxslt patches eliminate double free and memory handling problems that could cause process crashes when processing malicious web content.
A use‑after‑free flaw in Web extensions has been addressed, preventing crashes triggered by malicious extensions.
WebKit receives a comprehensive set of fixes, including protection against cross‑origin data exfiltration, sandbox bypass, memory corruption, and use‑after‑free vulnerabilities.
The WebKit Canvas patch removes a use‑after‑free scenario that could lead to crashes during rendering of crafted content.
WebKit Storage updates prevent silent hijacking of clipboard data by malicious sites through stricter state management.
WebRTC vulnerabilities, such as out‑of‑bounds access, stack overflows, and use‑after‑free conditions, have been corrected with improved bounds checking and memory handling.
Users can install the update automatically or manually by navigating to General > Software Update and following the on‑screen instructions.
While no active exploits are known for these flaws, applying the update remains a best practice to maintain device security.