This week marked the release of iOS 26.4, which includes substantial security updates addressing over 35 vulnerabilities. Some issues are more pressing than others. Here are the key details.

Concerns Over Stolen Device Protection

A vulnerability (CVE-2026-28895) allowed individuals with physical access to bypass apps protected by biometrics using just the passcode, even with Stolen Device Protection activated. This means apps requiring Face ID could still be accessed with the basic passcode.

Improvements have been made in the latest version to mitigate this loophole.

Potential Access to Your Keychain

CVE-2026-28864 poses a risk where unauthorized access to the Keychain could occur, allowing illicit access to stored sensitive information like passwords. This flaw contradicts the goals of Stolen Device Protection.

Mail Privacy Features May Not Have Functioned

CVE-2026-20692 indicates that features like “Hide IP Address” and “Block All Remote Content” in Mail may not have worked properly, potentially exposing your IP address and enabling unwanted remote content access.

Issues with Printing Allowing Unauthorized Access

CVE-2026-20688 reveals a flaw in the Printing framework that could let apps escape their designated sandboxes, which can lead to larger exploits.

Multiple Threats to WebKit

This release uncovered multiple security concerns within WebKit, including a Same Origin Policy bypass (CVE-2026-20643) and a Content Security Policy issue (CVE-2026-20665), raising significant concerns about potential harmful actions from malicious websites.

In Summary

Currently, none of these vulnerabilities are reported as actively exploited. However, the severity of these issues makes them significant in this update, highlighting critical areas that need user attention.

To ensure protection, it’s advisable to update devices to iOS 26.4 as soon as possible. For a comprehensive list of security updates across various platforms, check Apple’s official security releases page.

Key Takeaways

  • Keep devices updated frequently to benefit from the latest security fixes.
  • Understand the limitations of Stolen Device Protection despite its improvements.
  • Verify that email privacy features are functioning as expected.
  • Be cautious of vulnerabilities in WebKit while browsing.
  • Remain vigilant about device security, especially regarding Keychain access.

Partager : X Facebook WhatsApp LinkedIn Reddit

Leave a comment

Your email address will not be published. Required fields are marked *