On December 13, 2025, Apple formally rolled out system updates for iOS 26.2, iPadOS 26.2, and macOS Tahoe 26.2. These updates tackle a total of 25 security vulnerabilities, and Apple strongly urges all users to install the updates without delay.
Among the vulnerabilities addressed, the two WebKit flaws (CVE-2025-43529 and CVE-2025-14174) stood out. These were uncovered by Google's Threat Analysis Group and garnered considerable attention. Apple officially verified that hackers had taken advantage of these vulnerabilities to carry out sophisticated, targeted attacks on users of older iOS versions. The updated iOS version effectively eliminates the risk of malicious web content triggering "arbitrary code execution." This is achieved through enhancements in memory management and validation mechanisms, providing a more robust shield against such threats.
Regarding the App Store, Apple resolved a permission-related issue (CVE-2025-46288). This flaw allowed applications to gain access to sensitive payment tokens. The discovery of this vulnerability is credited to ByteDance's IES Red Team. By addressing this, Apple ensures that users' payment information remains better protected.
Apple also tackled a critical kernel-level integer overflow vulnerability (CVE-2025-46285). This vulnerability had the potential to cause system crashes or lead to root privilege escalation, which could give attackers extensive control over the device. It was discovered and reported by Alibaba Group. Apple's engineers got to the root of the problem by introducing 64-bit timestamp technology, effectively eliminating this risk at the fundamental logic level.
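As an added illustration of this bug class (not Apple's code and not taken from the advisory; every function name and value is constructed), the C sketch below shows how a timestamp sum held in 32 bits can wrap and flip an expiry check, and how 64-bit timestamps with an explicit overflow check avoid it.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example: names and values are hypothetical. */

/* Before: the deadline is computed in 32 bits, so start + timeout wraps
 * modulo 2^32 and a future deadline can turn into a tiny number. */
static bool expired32(uint32_t now, uint32_t start, uint32_t timeout)
{
    uint32_t deadline = start + timeout;   /* silent wraparound */
    return now >= deadline;
}

/* After: 64-bit timestamps plus an explicit range check.
 * Returns false instead of wrapping when the sum cannot be represented. */
static bool deadline64(uint64_t start, uint64_t timeout, uint64_t *out)
{
    if (timeout > UINT64_MAX - start)
        return false;                      /* would overflow: refuse */
    *out = start + timeout;
    return true;
}

/* Returns 1 if expired, 0 if still valid, -1 if the inputs are invalid. */
static int expired64(uint64_t now, uint64_t start, uint64_t timeout)
{
    uint64_t deadline;
    if (!deadline64(start, timeout, &deadline))
        return -1;
    return now >= deadline ? 1 : 0;
}

int main(void)
{
    /* Constructed input: only 0x10 ticks have elapsed of a 0x200 timeout. */
    uint32_t start = 0xFFFFFF00u, timeout = 0x200u, now = 0xFFFFFF10u;

    printf("32-bit check says expired: %d\n", expired32(now, start, timeout));
    printf("64-bit check says expired: %d\n", expired64(now, start, timeout));
    printf("overflowing input:         %d\n", expired64(0, UINT64_MAX, 1));
    return 0;
}
```

The 32-bit check reports the timer as expired because the deadline wrapped to 0x100, while the 64-bit check keeps the true deadline and rejects inputs whose sum cannot be represented.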
Moreover, the update bolstered the security of FaceTime, iMessage, and the Phone app. Multiple vulnerabilities that could result in information leaks were fixed, ensuring that users' communication remains more private and secure.
