Apple just shipped iOS 26.5.2, iPadOS 26.5.2, and macOS 26.5.2, and the security fix count alone makes this one worth installing today.
The updates address more than 25 vulnerabilities, including multiple kernel-level fixes and several WebKit bugs capable of causing crashes or leaking user data. The patches were drawn from fixes Apple had already seeded in the iOS 26.6, iPadOS 26.6, and macOS Tahoe 26.6 developer betas — a sign Apple opted to backport critical work rather than make non-beta users wait for the next full release. None of the flaws are known to have been actively exploited in the wild.
That last point matters less than it sounds. Apple's publication of the vulnerability details is itself a starting pistol: researchers and attackers alike can now reverse-engineer what was broken and target anyone still running older software. The window between a patch dropping and exploit code appearing has historically been short, especially for WebKit bugs, which sit at the browser engine layer where most internet-facing attack surface lives.
Point releases that bundle 25-plus fixes are not routine maintenance — they are Apple quietly admitting the 26.5.x branch needed more work than a dot-bump usually signals. Update now, or hand someone a roadmap.
