Apple rolled out iOS 26.1 and iPadOS 26.1 on November 3, 2025, addressing a slew of security flaws that could expose users to privacy breaches, system crashes, and data leaks.
These updates apply to iPhone 11 and later, as well as iPad Pro (12.9-inch 3rd generation and newer), iPad Pro (11-inch 1st generation and newer), iPad Air (3rd generation and newer), iPad (8th generation and newer), and iPad mini (5th generation and newer).
As with Apple’s standard practice, the company withholds details on vulnerabilities until patches are ready, referencing them by CVE identifiers where applicable.
The updates fix over 40 issues across core components like WebKit, the Kernel, and various system services.
Many stem from memory handling errors, logic flaws, and privacy oversights that malicious apps or websites could exploit.
For instance, WebKit, the engine powering Safari, sees the bulk of repairs, tackling use-after-free bugs, buffer overflows, and cross-origin data exfiltration risks.
These could crash Safari or allow sites to steal sensitive information without permission.
Key Privacy and System Protections
Privacy remains a focal point, with fixes preventing apps from fingerprinting users, accessing protected data, or tracking installations via caches.
In the Apple Neural Engine, improved memory handling thwarts kernel corruption that might lead to system crashes.
Kernel updates curb unexpected terminations, while Stolen Device Protection gains logic to block physical attackers from disabling it on iPhone 11 and later.
Other notable patches include Camera enhancements to hide view details pre-permission, Contacts logging redactions to avoid data exposure, and Text Input restrictions that keep keyboard suggestions from revealing lock screen info.
Control Center and Status Bar fixes limit what attackers with physical access can glimpse on locked devices.
Vulnerability Summary Table
| CVE ID | Component | Impact | Description Brief | Researcher(s) |
|---|---|---|---|---|
| CVE-2025-43480 | WebKit | Cross-origin data exfiltration | Improved checks | Aleksejs Popovs |
| CVE-2025-43447 | Apple Neural Engine | System termination or kernel corruption | Better memory handling | Anonymous |
| CVE-2025-43398 | Kernel | Unexpected system termination | Improved memory handling | Cristian Dinca |
| CVE-2025-43422 | Stolen Device Protection | Disable protection via physical access | Added logic | Will Caine |
| CVE-2025-43452 | Text Input | Sensitive info on lock screen | Restricted locked-device options | Multiple (e.g., Thomas Salomon) |
| CVE-2025-43379 | AppleMobileFileIntegrity | Access protected user data | Symlink validation | Gergely Kalman |

Apple credits researchers like those from Trend Micro’s Zero Day Initiative and ByteDance for disclosures.
Users should update immediately via Settings > General > Software Update to stay protected.
No widespread exploits have been reported yet, but timely patching is crucial in an era of evolving threats.





