Update Your iPhone As Soon As Possible to Avoid FaceTime Scams

On Friday, Apple released iOS 26.2. Although it’s the third update in the iOS 26 era, version 26.2 still adds several interesting and useful new features, such as alarms for reminders and improved sleep quality scoring on the Apple Watch.

However, updates aren’t just about new features. Apple typically includes a number of security patches with its software releases, so it’s important to install each update. You don’t always need to install the latest version of iOS or macOS to benefit from these security patches: Apple typically releases important security patches for some older versions of its software as well. iPhone users running iOS 18 can install the same security patches as iOS 26 users, as can Mac users running macOS Sequoia or Sonoma, but not Tahoe.

Overall, today’s update from Apple includes a number of fixes you’ll want to install on your iPhone—regardless of what software version you’re currently running. This particular release contains 25 fixes, and while some of them appear to be relevant only to software developers, others are clearly serious.

iOS 26.2 fixes several serious security vulnerabilities.

Perhaps most important from a security perspective, this release includes two patches for potential zero-day vulnerabilities. Zero-day vulnerabilities are particularly dangerous because they are either publicly disclosed or actively exploited before the developer can release a patch, leaving users vulnerable to attack.

Both vulnerabilities (CVE-2025-43529 and CVE-2025-14174) affect WebKit, the browser engine behind Safari and other web browsers on iPhone. Before Apple patched these issues, attackers could serve malicious web content to users. Once an iPhone processed that content, it could lead to arbitrary code execution, essentially allowing the attacker to run any code on your iPhone. Apple states that it is aware of reports that these two vulnerabilities could be used in a “highly sophisticated attack against specific targeted individuals” in iOS versions prior to iOS 26.

This isn’t the first time Apple has patched vulnerabilities with such warnings. Due to the iPhone’s popularity, these vulnerabilities are valuable to governments and other major players targeting high-profile individuals, such as journalists and politicians. Apple even sends these users warnings when their iPhone is identified as the target of such an attack. While the risk of the average iPhone user falling victim to one of these campaigns is low, it’s not impossible, meaning it’s important to update your system as soon as a patch is available. This also applies to other Apple devices, such as Mac computers, so update all your devices as soon as possible.

While these two bugs are the most urgent to fix, there are others that should be addressed as soon as possible. One of the first that caught my eye was a bug in the “Calling Framework” that allows attackers to spoof their FaceTime caller ID. With the rise of AI-based scams, attackers could create an AI voice similar to someone you know and spoof their contact information to make it appear they’re calling you via FaceTime audio. This update eliminates this possibility—at least as far as spoofing goes.

Speaking of FaceTime, this update also fixes a vulnerability that sometimes caused passcode entry fields to appear when remotely controlling a device via FaceTime. If you shared your screen with someone during a video call, they could see you entering your passcode and use it against you. It also fixes a bug that allowed an app to see other apps installed on your device—a serious privacy and security vulnerability.

If you use the Hidden feature in the Photos app to hide sensitive photos you don’t want others to see, you should also install this update as soon as possible: Previous versions of iOS contained a bug that allowed these hidden photos to be viewed without authentication.

iOS 26.2 Security Update Release Notes

If you’re interested in all the security fixes Apple included in this update, the full changelog is as follows:

App Store

  • Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.

  • Impact: The application may gain access to sensitive payment tokens.

  • Description: An issue with access rights was resolved by introducing additional restrictions.

  • CVE-2025-46288: Floecki, Zhongcheng Li of ByteDance’s IES Red Team.

AppleJPEG

  • Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.

  • Impact: Processing the file may result in memory corruption.

  • Description: The issue was resolved through improved bounds checking.

  • CVE-2025-43539: Michael Reeves (@IntegralPilot)

Calling Framework

  • Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.

  • Impact: An attacker can spoof FaceTime caller ID.

  • Description: A user interface inconsistency issue has been resolved through improved state management.

  • CVE-2025-46287: Anonymous researcher, Riley Walz

curl

  • Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.

  • Impact: Multiple issues in curl.

  • Description: This is an open source vulnerability, and Apple Software is one of the affected projects. The CVE identifier was assigned by a third party. More information about the issue and the CVE identifier can be found at cve.org.

  • CVE-2024-7264, CVE-2025-9086

FaceTime

  • Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.

  • Impact: Password entry fields may be inadvertently revealed when remotely controlling a device via FaceTime.

  • Description: This issue was resolved through improved state management.

  • CVE-2025-43542: Yiğit Ocak

Foundation

  • Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.

  • Impact: An application may gain unauthorized access to files via the spell check API.

  • Description: A logical error was fixed by improving checks.

  • CVE-2025-43518: Noah Gregory (wts.dev)

Foundation

  • Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.

  • Impact: Processing malicious data may cause the application to terminate unexpectedly.

  • Description: Fixed a memory corruption issue by improving bounds checking.

  • CVE-2025-43532: Andrew Calvano and Lucas Pinheiro of Meta Product Security

Icons

  • Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.

  • Impact: The app can determine what other apps the user has installed.

  • Description: An issue with access rights was resolved by introducing additional restrictions.

  • CVE-2025-46279: Duy Trần (@kanhduytran0)

Core

  • Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.

  • Impact: The application may gain superuser rights.

  • Description: An integer overflow problem was resolved by using 64-bit timestamps.

  • CVE-2025-46285: Kaitao Xie and Xiaolong Bai of Alibaba Group.

libarchive

  • Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.

  • Impact: Processing the file may result in memory corruption.

  • Description: This is an open source vulnerability, and Apple Software is one of the affected projects. The CVE identifier was assigned by a third party. More information about the issue and the CVE identifier can be found at cve.org.

  • CVE-2025-5918

MediaExperience

  • Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.

  • Impact: The application may access users’ confidential data.

  • Description: An issue with logging was resolved by improving data redaction.

  • CVE-2025-43475: Rosina Keller of Totally Not Malicious Software

Messages

  • Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.

  • Impact: The application may access users’ confidential data.

  • Description: The information disclosure issue has been addressed by improving privacy protection measures.

  • CVE-2025-46276: Rosina Keller of Totally Not Malicious Software

Multitouch

  • Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.

  • Impact: A malicious HID device may cause the process to crash unexpectedly.

  • Description: Fixed multiple memory corruption issues through improved input validation.

  • CVE-2025-43533: Google Threat Analysis Team

Photos

  • Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.

  • Impact: Photos in the “Hidden Photos” album can be viewed without authorization.

  • Description: A configuration issue was resolved by introducing additional restrictions.

  • CVE-2025-43428: Anonymous researcher Michael Schmutzer of the Ingolstadt Institute of Technology.

Screen Time

  • Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.

  • Impact: The app may access the user’s Safari browser history.

  • Description: An issue with logging was resolved by improving data redaction.

  • CVE-2025-46277: Kirin (@Pwnrin)

Screen Time

  • Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.

  • Impact: The application may access users’ confidential data.

  • Description: An issue with logging was resolved by improving data redaction.

  • CVE-2025-43538: Ivan Savransky

Telephony

  • Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.

  • Impact: The application may access users’ confidential data.

  • Description: This issue was resolved by adding additional permissions checks.

  • CVE-2025-46292: Rosina Keller of Totally Not Malicious Software

WebKit

  • Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.

  • Impact: Processing specially crafted malicious web content may cause Safari to crash unexpectedly.

  • Description: The type confusion issue was resolved by improving state handling.

  • WebKit Bugzilla: 301257

  • CVE-2025-43541: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative

WebKit

  • Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.

  • Impact: Processing specially crafted malicious web content may cause the process to crash unexpectedly.

  • Description: A use-after-free issue was resolved through improved memory management.

  • WebKit Bugzilla: 301726

  • CVE-2025-43536: Nan Wang (@eternalsakura13)

WebKit

  • Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.

  • Impact: Processing specially crafted malicious web content may cause the process to crash unexpectedly.

  • Description: The issue was resolved through improved memory handling.

  • WebKit Bugzilla: 300774

  • WebKit Bugzilla: 301338

  • CVE-2025-43535: Google Big Sleep, Nan Wang (@eternalsakura13)

WebKit

  • Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.

  • Impact: Processing specially crafted malicious web content may cause the process to crash unexpectedly.

  • Description: A buffer overflow issue was resolved through improved memory handling.

  • WebKit Bugzilla: 301371

  • CVE-2025-43501: Hossein Lotfi (@hosselot) of Trend Micro Zero Day Initiative

WebKit

  • Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.

  • Impact: Processing specially crafted malicious web content may cause the process to crash unexpectedly.

  • Description: A race condition issue was resolved through improved state handling.

  • WebKit Bugzilla: 301940

  • CVE-2025-43531: Phil Pizlo of Epic Games

WebKit

  • Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.

  • Impact: Processing specially crafted malicious web content may lead to arbitrary code execution. Apple is aware of a report that this vulnerability could be exploited in a highly sophisticated attack against specific targets on iOS versions prior to iOS 26. CVE-2025-14174 was also issued in response to this report.

  • Description: A use-after-free issue was resolved through improved memory management.

  • WebKit Bugzilla: 302502

  • CVE-2025-43529: Google Threat Analysis Team

WebKit

  • Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.

  • Impact: Processing specially crafted malicious web content may result in memory corruption. Apple is aware of a report that this vulnerability could be exploited in a highly sophisticated attack against specific targets on iOS versions prior to iOS 26. CVE-2025-43529 was also issued in response to this report.

  • Description: Fixed a memory corruption issue by improving the check.

  • WebKit Bugzilla: 303614

  • CVE-2025-14174: Apple and Google Threat Analysis Team

WebKit Web Inspector

  • Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.

  • Impact: Processing specially crafted malicious web content may cause the process to crash unexpectedly.

  • Description: A use-after-free issue was resolved through improved memory management.

  • WebKit Bugzilla: 300926

  • CVE-2025-43511: 이동하 (BoB 14th’s Lee Dong Ha)
