Recently, Apple released iOS 26.2, iPadOS 26.2 and macOS Tahoe 26.2. This update fixed a total of 25 security vulnerabilities, and Apple recommends that all users upgrade immediately. Among the vulnerabilities fixed this time, two WebKit vulnerabilities are particularly worthy of attention: CVE-2025-43529 and CVE-2025-14174. These two vulnerabilities were discovered by the Google Threat Analysis Group.
Apple has confirmed that existing evidence shows hackers have used these two vulnerabilities to launch extremely complex targeted attacks on users of older versions of iOS. The new version of the system completely eliminates the possibility of malicious web content triggering "arbitrary code execution" by improving memory management and verification mechanisms.
On the App Store front, Apple has added restrictions to address a permissions issue that allowed an application to access sensitive payment tokens. The vulnerability is tracked as CVE-2025-46288 and has been fixed.
It is worth mentioning that this vulnerability was discovered by Floeki and Zhongcheng Li of the ByteDance IES Red Team.
In addition, Apple fixed a serious kernel-level integer overflow vulnerability in this update, tracked as CVE-2025-46285. Previously, attackers were able to exploit this vulnerability to induce system crashes and even gain root privileges.
Fortunately, this vulnerability was discovered and submitted by Kaitao Xie and Xiaolong Bai of Alibaba Group. Apple engineers eliminated this potential risk at the underlying logic level by introducing 64-bit timestamps.
