Apple pushed out a wave of updates today, shipping iOS 26.5, iPadOS 26.5, macOS Tahoe 26.5, watchOS 26.5, tvOS 26.5, and visionOS 26.5 to users across every platform. Beyond the headline features, iOS 26.5 alone patches over 50 security vulnerabilities, a number that should give anyone still on an older OS version serious reason to update sooner rather than later.

The security notes reveal a broad attack surface addressed this cycle. Apple also backported fixes to legacy operating systems, releasing iOS 18.7.9, iPadOS 18.7.9, iPadOS 17.7.11, iOS 16.7.16, iPadOS 16.7.16, iOS 15.8.8, iPadOS 15.8.8, macOS Sequoia 15.7.7, and macOS Sonoma 14.8.7. With the exception of iOS 18.7.9, each of these older releases carries just one fix—a notification bug where deleted alerts could still be recovered, a patch that originally debuted in iOS 26.4.2.

The sheer volume of patches in iOS 26.5 reflects an active threat landscape Apple is actively mitigating. For users whose devices don't qualify for the latest OS, staying on these backported builds is the bare minimum needed to keep data safe. Apple's full security notes are available on its dedicated hub for anyone who wants to dig into individual CVEs.