iOS 26.2 fixes 20 security vulnerabilities, 2 actively exploited
(macrumors.com)160 points by akyuu a day ago
160 points by akyuu a day ago
Wow. I'm still on 18.7.1, saw the update to 18.7.2 yesterday (100% sure on this), but didn't want to install it at that moment as I needed the phone, and deferred the update to today.
Now I don't see any iOS 18 updates at all, only the iOS 26 prompts. What a dick move, Apple. Especially if this is a) a security update, and b) iOS 26 is known to run poorly on older phones like mine.
Thanks for the workaround!
If your phone is laggy after liquid glass, Enabling "Reduce Motion" from Accessibility/Motion makes my 2020 iphone se much better. You can also disable transparency for even more frames, but it makes some UIs look particularly bad (because everything is transparent in frutiger aero/liquid glass)
Reduce Motion does give you the unfortunate side effect of realizing how much dead time there is between processing buttons. Many actions have a visible pause without apparent activity. I assume the software has a hardcoded delay for the animation or the program literally takes noticeable amount of time to process the action.
I tried this on iPhone 17 (regular), the phone became more or less unusable. ~500-2000ms lag when changing or closing an application.
The liquidglass experience was bad, but reduce motion was unusable.
I can’t handle the swipe up to switch apps gesture with reduced motion it becomes too jarring. I set the glass to “tinted” and that’s about it. I wish they had a stronger disablement of just the glass.
Getting an iPhone model that comes with iOS 26 and cannot be downgraded: what a blunder. It’s not about Liquid Glass per se, more the ability to use your phone without being distracted by constant visual glitches and impaired keyboard typing experience.
It is also available as a public beta, which you can register for at https://beta.apple.com/
Thank you! Done. Here's hoping they continue to give v18 sec updates until v26+ UX and perf are fixed...
I would say it's almost certainly a mistake or some side-effect of their system that rolls out updates where they don't happen exactly simultaneously.
Remember that Apple is also pushing that update out to serve their iPhones that cannot get iOS 26. Even if I was to maximize my cynicism, I don't think they presently use security point releases in the manner you are describing.
I don't think we can really ascertain intent, Apple has a long history of "the feature update IS the security update".
This partly relies on the "just update bro" attitude of sufficient fanbois to achieve upgrade momentum. Otherwise, let's be honest, no one would update, ever, our phones are too personal to be changing constantly.
This "bug" has been there for 2-3 days now. If it was a bug with their software delivery system, I assume it would have been fixed by now, it's affecting many people (with plenty of message board complaints to prove it).
Nice though cosmetics are the least of my issues with 26. Usability really tanked across the OS, crap ton of baffling choices that make it much harder and unintuitive to use.
I believe so, too. I’ve updated to 26.2 today and haven’t seen any changes on the interface front.
It's unfortunate that Apple has taught me (and I assume others as well) over the last 15 years that the best practice is to never install a major OS update.
It seems clear to me that they use OS updates as a way to eventually slow your device down so the lag becomes so annoying that you want to purchase a new device.
(Edit: And the really obnoxious part is that they force you to receive upgrade prompts every single day and you can't disable it.)
Unfortunately they have other ways to deprecate your device: App Stores won't work, apps won't talk to their backend with older versions or just straight up won't launch. Even Homebrew stopped supporting my 2015 Macbook I have for personal use.
> they have other ways to deprecate your device
This is a wild take for a company known for the long lives of its devices.
Right, I think that was the point being made: I've had a closet of Apple hardware with no technical problems, but made useless due to Apple's software decisions.
These two things are not exclusive:
- Apple used to provide updates for longer than the rest of the industry.
- Apple has a history of using updates to make old devices less usable (see battery-gate or the current issue with Liquid glass).
Nothing wild there.
Other companies are now catching up on supports because the EU made longer support window mandatory. We will see how this pans out for Apple.
> It's unfortunate that Apple has taught me (and I assume others as well) over the last 15 years that the best practice is to never install a major OS update.
The sole reason I migrated from Android to Apple was to receive security upgrades for years not months. I am genuinely baffled by the take here on HN. People will (rightly) get up in arms about minor security issues across numerous domains then talk about never updating their phone. That has literally their entire life on it.
Damn. I bought brother just so I wouldn't be locked into overpriced cartridges. Although what I've been doing now is to reuse the starter cartridge, add some very inexpensive third-party toner to it, and reset the pages counter. It has worked well for the past few years.
>Running iOS 17.6.1 on my iPhone 13 mini right now.
You really shouldn't. There are dozens of RCE exploits, some of which were found in the wild, that you're missing out patches for.
13Mini+Lockdown mode user reporting here: I did a battery upgrade alongside the iOS 26 upgrade, and regretted switching to iOS26. It slowed down things wayy to much, the keyboard often lagged by dozens of keystrokes, and the camera app stopped working with 26.1.
I gave up yesterday, and disabled lockdown mode (and upgraded to 26.2). Seems fine now, but liquid glass is still a usability nightmare.
> And the really obnoxious part is that they force you to receive upgrade prompts every single day and you can't disable it
Enable iOS 18 Developer Beta and the nag screens go away.
> It seems clear to me that they use OS updates as a way to eventually slow your device down
This sounds like an exaggeration of what happens after an upgrade: iOS has to re-index your entire phone for Spotlight, etc. Same thing for Photos if there have been changes.
Depending on which phone and the amount of storage, your phone can feel kind of sluggish for a while until the background indexing is done.
If you update before you go to sleep, your device will be fine in the morning.
This seems like a ridiculous point. Basically all software doesn't allow downgrades. Sure, if something happens during install, there's modern safeguards to prevent bricking your device, but upgrading software is usually a one-way street. It's why major companies have tiered rollouts of new features, beta programs, and developer previews.
To a corollary: Would you trust a software development team who doesn't trust their feature enhancements enough to where they provide an option to roll back the software? It would be like a clothing designer saying "Actually, buy last years runway, this year's might have some issues..."
As a user, I get 'undo' functionality because I'm playing in the sandbox. I trust that the sandbox is sound if I'm able to use it, and trust it will get ever-better as time goes on.
Why is this a ridiculous point?
If I'm using version 1 of a tool to do some work, then I upgrade to version 2, and it means I cannot do my work as efficiently as before (maybe the update broke the tool, or maybe the user-interface was changed so much that my productivity went down the drain), then why am I not allowed to roll back the upgrade? What if I have a deadline, tomorrow morning at 9am? Not being able to downgrade can drive people up the wall.
Seriously these days everything looks like a work-in-progress. I think it is because of the internet. In many ways software was better before the internet. The continuous pushing of updates is a curse. And users need to have a way to deal with that.
> Apple today released iOS 26.2, iPadOS 26.2, and macOS 26.2
For those as confused as me, I'm on macOS 15.6.1, and it seems for the next version they aligned everything and I do indeed see an update for "macOS Tahoe 26.2". However, I also see a Sequoia 15.7.3 update dated at the same time and together in the same upgrade blog post (and for Sonoma 14.8.3, kudos), so for those that doesn't seem to want to do the jump now into Liquid Glass, that seems available:
https://support.apple.com/en-us/100100
Note: I had to click the [i], then unselect the "macOS Tahoe 26.2" and select the "macOS Sequoia 15.7.3" manually to avoid a full upgrade.
There appears to be a dark pattern occurring where the Tahoe update is selected by default and you need to uncheck it to just install the security update.
Is there a new technological space race between Microsoft and Apple, to see who can engineer more dark patterns into their software, forcing unwanted updates onto its users?
These techniques used to be exclusive to spyware distributors.
Yes, it’s “spyware” to want you to update an OS. That’s definitely the definition of that. Good job for decoding conspiracy.
"Leon Cowle was brave enough to try this out, and, it turns out, just clicking the 'Update Now' button next to Sequoia will, thankfully, do the right thing: install the Sequoia 15.7.2 update, not Tahoe."
This suggests someone forgot to update the "ⓘ" text. Not a dark pattern.
Offering the most recent update first is not a "dark pattern".
No, I would certainly say it is. Checking the blog post linked in this thread, I find selecting a different version to be both hidden and also have (intentionally?) bad UX. That is exactly what a dark pattern is: making a surprising choice (major upgrade) the default while hiding away the less disruptive or even non-disruptive choice (minor upgrade).
Nothing stops Apple from advertising both at the same level.
How can I install iOS 18.7.3? The settings app only shows 26.2 which I do not want to install.
Give it a couple days for 18.7.3 to show up (I’m trying this myself) or download the ipsw for ios 18.7.3 and use a computer to install.
You can also join the iOS 18 public beta to get the update.
I have a powerful MacBook Pro M2 Max with 32 GB of RAM. I updated it to macOS 26 since that it became a lot slower than my MacBook Air M1 with just 16 GB of RAM that I left on macOS Sequoia 15.7.x… What an irony given that my MacBook Pro has way better hardware specs.
Do you happen to have an app on this list open (https://avarayr.github.io/shamelectron/) ?
There is a bug in Electron caused by the use of a private API that slows down macOS 26 significantly. It’s fixed in Electron but not all Electron apps have updated to the new version yet. Apparently it’s fixed in macOS 26.2
I do know about it! I even did a few PRs in the past :) https://github.com/avarayr/shamelectron/pulls?q=is%3Apr+auth...
Please review the vulnerability list. https://support.apple.com/en-us/125885
“Access user data” “see apps user has installed” “gain root access”.
Maybe worth staying on to jailbreak or if you hate IOS Aero edition. Icons are blurry now. Slow usage. Going to beta 18.7.3 Then maybe android. Idk about these new UI changes that are forced with no absolute removal.
So far all of the comments are about the glass ui...I'm glad the bugs were squashed. Nice! But am curious what the metric is for determining when to push out security updates. Did they have 19 accumulated and were like "hey let's just wait til 1 more comes through"?
See discussion elsewhere in this thread on updating to 15.7.3:
The vulnerabilities listed[0] look pretty severe. I've got a 2016 iPhoneSE running iOS 15. It receives the odd security update (last one was on September 15 this year), but I imagine if these vulnerabilities aren't backported it would be pretty insecure. Currently my bank still supports iOS 15 but I wonder for how much longer?
You will not think about liquid glass after a day, especially if you turn on the new options. There's no need for everyone here to contort themselves into not installing these updates. The new features in all the OS upgrades are very much worth it.
You're not going to add text message spam filtering to your phone because they changed the border radius or blur or whatever?
> You will not think about liquid glass after a day, especially if you turn on the new options.
I wouldn’t say so. The “Increase Contrast” and “Show Borders” accessibility options make liquid glass just bearable to me, but the new UI design is still ungracefully buggy and unnecessarily hard(er) to use. (See e.g. https://www.nngroup.com/articles/liquid-glass/ for a detailed discussion.)
Sure, life goes on. However, considering the price tag of an iPhone/iPad, I understand how iOS 26 is off-putting to so many people – despite all the other new features.
And I think everyone agrees that it is your choice to install IOS 26 on your phone.
Personally I will skip IOS 26 and stay on IOS 18 and maybe upgrade to IOS 27 when it comes out next year (if by then all the bad UI decisions have been reversed).
I had a play around with a friend's phone who was updated to IOS 26 and honestly It just doesnt work for me in it's current state.
I notice it all the damn time.
- If I scroll a web page, and then decide to close it, I have to wait 'til the browser finishes scrolling the page before it'll open the menu with the close button
- every single time I watch a video my eye is drawn to the fucking stupid glass-y diffraction patterns and away from the content I was watching, or the play/pause icon I was interacting with
- every single time I use the home screen on iOS, or CMD+tab in macOS, my eye is drawn to the glass-y highlights around the icons, distracting me from whatever I was trying to do and causing me to think about the OS (and how much I hate the new look)
- I keep noticing the stupidly wide rounded corners on apps
- I keep noticing how the glassy icons and controls and stuff don't consistently change color with dark/light mode. They sometimes change if the content behind them is light/dark (which you'd think is a contrast improvement but it wouldn't be necessary if they had boxed out the toolbars like before). Often half the buttons have changed to contrast with the background and half haven't. This makes all the icons harder to read because I have to interpret the whole set to work out why it's suddenly slightly confusing
- I keep noticing how the toolbar icons have this insane shadows making them appear about 5meters closer to my face than the rest of the scree, which pulls my attention away from whatever I was looking at
- I keep noticing how some icons have those annoying highlighted edges and some don't and wondering why that is, and if they'll all come in sync...
- ... and the glassy-highlighted icons look like shit because the highlights are all the same (same color, same angle, same spread around the edges of the icons), which wouldn't happen if they were actual physical things under natural illumination
- since iOS 26.2, the increase contrast and reduce transparency modes have got worse: they seriously mess with the colors, in many case the light/dark relationship is inverted from what would be most useful (I can't think of examples now - it was so annoying I actually switched back to glassy to allow my eye a sense of comfort when using the thing, and now I try to put up with the "eye candy" distractions instead). I used to have "increase contrast" turned on with the last several major iOS versions. The new scheme has made it slightly harder to use the phone.
And I'm not even getting to how everything is harder to read, harder to see. It's _dreadful_ and they should fire everyone from the C-level who signed it off downwards.
I definitely still notice the (inconsistent? Only occasional? Which makes it even worse) parts of my UI that now look like something from a circa 2001 Java (specifically—not flash, it’s the “cool” Java aesthetic of the time with its image blurring and filtering an such, not the differently-bad “cool” flash aesthetic) applet gfx-heavy web site menu.
Plus there’s the pile of outright visual bugs and glitches. Like my keyboard opening with one size, then after a moment resizing itself a few pixels narrower because it initially rendered a little too big and off center to the right, like a badly-designed webpage. Every single time I open it. Including to write and edit this comment.
I also notice that I had to turn a bunch of accessibility features on so I wouldn’t constantly see animations with tons of dropped frames making me feel like I’m playing a bad port of a 3D PlayStation 2 game on a Gameboy Advance.
On work devices I've been using iOS 26 since early betas and macOS 26 for a few weeks now, and I still think about the user experience degradation. On the bright side — it makes me appreciate iOS 18 and macOS 15 more.
At this point I'm not contorting myself into skipping an update; I'm looking at exiting the entire Apple ecosystem. I don't want Liquid Glass to be my computing experience for the next numerous years.
I installed iPadOS 26 specifically for the new windowing features. I like the glass look as a concept. But the actual implementation of it is total dogshit. I cannot go a day without seeing the OS render black-on-black or white-on-white text, especially in the status indicators at the top of the device. There are so many little things regarding automatic color contrast in UIKit that are just poorly thought out or broken.
The thing is, Liquid Glass is already using a shader to render the refraction effect on top of the other UI layers. But - at least from my own developer experiments - it doesn't actually use anything graphical to determine what background color it needs to contrast against[1]. Instead, it looks through the view hierarchy for a view on the same edge as the toolbar the widget is in, and then grabs some undocumented[0] property from that view to determine its background. This fails if there's a split. Build, say, a toolbar layout and put two views inside of it, split 50% vertically with one having a black background and the other white. Put items in your toolbar on both left and right sides. They will either be all black or all white, only contrasting with half the screen.
[0] Or, at least, I have yet to find out what this property is.
[1] Hell, for icons and text they could XOR the alpha mask with the underlying pixels, or a blurred version thereof, to make text that will always contrast.
Liquid Glass is now mandatory if you care about security. Sigh.
I wanted to like it too, but some of the new UI modals of iOS 26 are just awful.
It's not, iOS 18.7.3 also released https://support.apple.com/en-us/125885
It is not available. The release is 2 days old and the download is not showing up on the phone.
My iPhone 12 mini was bugging me about it the other day. I declined it. I don't want liquid glass and whatever else it does to make that phone feel slower and less usable. I refuse to buy a newer iPhone. They are all too big.
Wrong. Enable 18 beta, refresh, install 18.7.3, disable beta. Problem solved.
Security updates are typically available for the most current 2 OS versions, and 18 is still officially supported, perhaps until 2026 or 2027. 18.7.3 exists with similar security updates as 26.2. It may not show up on iPhone as an update option without being on the beta 18 channel because they're trying to force people onto 26 using dark patterns, but it shows up on iPadOS without any additional magic.
Some parts have improved: It's nice that alarms are now slide to cancel. Safari's UI however is now 98% mystery meat.
The pre 26.2 less-glassy options were bearable because they were mostly like pre-Tahoe. The post 26.2 less-glassy options are now so shit that I’m using glassy mode, despite it being also ugly, distracting and harder to read than ever before. Apple have absolutely trashed their OS and their “Apple make good UIs” pedigree. It’s such a disappoibtment. I hope they come to their senses in the next major release round.
Given the news a few days ago about the changes in UI design leadership at Apple (https://news.ycombinator.com/item?id=46142843), there is a light at the end of the tunnel.
Not sure why you are so downvoted, because indeed Apple only does full security updates for the very newest (now 26): https://arstechnica.com/gadgets/2022/10/apple-clarifies-secu...
Thanks for that link. Before reading I was in the process of migrating all my stuff from a Windows7 machine, deduping archives and identifying software that I may still need to run in a VM somewhere or on a tablet. I had considered flipping to Apple devices since I have an iPhone but have never pulled the trigger on any of that. I was considering iMacs instead of a Linux box for a more seamless interface with the phone.
After reading that article where it is apparent that Apple has intentionally used terms that sound similar to obscure what the customer is actually gaining when they upgrade versus update and they intentionally omit the part about older devices not getting all the security updates that are pushed in the updates. I now have some clarity.
I can focus on moving to Linux and in time will be ditching the iPhone. Should've done this years ago.
Because it's factually incorrect.
Ars Technica, a clickbait aggregator whom should have been banned from this site long ago, is hardly a reliable source.
As far as I know, it is factually correct.
https://www.intego.com/mac-security-blog/apples-poor-patchin...
https://support.apple.com/guide/deployment/about-software-up...
> Note: Because of dependency on architecture and system changes to any current version of Apple operating systems (for example, macOS 26, iOS 26, and so on), not all known security issues are addressed in previous versions (for example, macOS 15, iOS 18, and so on).
Pro tip for anyone wanting to avoid liquid [gl]ass and install iOS 18.7.3: Apple is actively hiding 18.7.3 on most iPhones, despite the update showing on iPads. Perhaps a mistake, perhaps an attempt to force 26 onto users.
Simply select "iOS 18 Developer Beta" under beta updates (might need a developer account) and it will allow you to install it. The update currently offered is the production release.