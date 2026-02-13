Apple¤¬iPhone¤äiPad¤Ê¤É¸þ¤±ºÇ¿·¥×¥é¥Ã¥È¥Õ¥©¡¼¥à¡ÖiOS 26.3¡×¤È¡ÖiPadOS 26.3¡×¤òÄó¶¡³«»Ï¡ª½ÅÍ×¤ÊÉÔ¶ñ¹ç¤òÀÈ¼åÀ¤ò½¤Àµ¤Ê¤É
¡¦iPhone 17
¡¦iPhone 17 Pro
¡¦iPhone 17 Pro Max
¡¦iPhone Air
¡¦iPhone 16e
¡¦iPhone 16
¡¦iPhone 16 Plus
¡¦iPhone 16 Pro
¡¦iPhone 16 Pro Max
¡¦iPhone 15
¡¦iPhone 15 Plus
¡¦iPhone 15 Pro
¡¦iPhone 15 Pro Max
¡¦iPhone 14
¡¦iPhone 14 Plus
¡¦iPhone 14 Pro
¡¦iPhone 14 Pro Max
¡¦iPhone 13
¡¦iPhone 13 mini
¡¦iPhone 13 Pro
¡¦iPhone 13 Pro Max
¡¦iPhone 12
¡¦iPhone 12 mini
¡¦iPhone 12 Pro
¡¦iPhone 12 Pro Max
¡¦iPhone 11
¡¦iPhone 11 Pro
¡¦iPhone 11 Pro Max
¡¦iPhone SE¡ÊÂè3À¤Âå¡Ë
¡¦iPhone SE¡ÊÂè2À¤Âå¡Ë
¡ãiPadOS 26ÂÐ±þÀ½ÉÊ¡ä
¡¦iPad¡ÊÂè8À¤Âå¡Ë
¡¦iPad¡ÊÂè9À¤Âå¡Ë
¡¦iPad¡ÊÂè10À¤Âå¡Ë
¡¦iPad mini¡ÊÂè5À¤Âå¡Ë
¡¦iPad mini¡ÊÂè6À¤Âå¡Ë
¡¦iPad Air¡ÊÂè3À¤Âå¡Ë
¡¦iPad Air¡ÊÂè4À¤Âå¡Ë
¡¦iPad Air¡ÊÂè5À¤Âå¡Ë
¡¦11¥¤¥ó¥ÁiPad Air¡ÊM2¡Ë
¡¦13¥¤¥ó¥ÁiPad Air¡ÊM2¡Ë
¡¦12.9¥¤¥ó¥ÁiPad Pro¡ÊÂè3À¤Âå¡Ë
¡¦12.9¥¤¥ó¥ÁiPad Pro¡ÊÂè4À¤Âå¡Ë
¡¦12.9¥¤¥ó¥ÁiPad Pro¡ÊÂè5À¤Âå¡Ë
¡¦12.9¥¤¥ó¥ÁiPad Pro¡ÊÂè6À¤Âå¡Ë
¡¦13¥¤¥ó¥ÁiPad Pro¡ÊM4¡Ë
¡¦11¥¤¥ó¥ÁiPad Pro¡ÊÂè1À¤Âå¡Ë
¡¦11¥¤¥ó¥ÁiPad Pro¡ÊÂè2À¤Âå¡Ë
¡¦11¥¤¥ó¥ÁiPad Pro¡ÊÂè3À¤Âå¡Ë
¡¦11¥¤¥ó¥ÁiPad Pro¡ÊÂè4À¤Âå¡Ë
¡¦11¥¤¥ó¥ÁiPad Pro¡ÊM4¡Ë
iOS 26.3 and iPadOS 26.3
Released February 11, 2026
- Accessibility
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An attacker with physical access to a locked device may be able to view sensitive user information
Description: An inconsistent user interface issue was addressed with improved state management.
CVE-2026-20645: Loh Boon Keat
- Accessibility
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An attacker with physical access to a locked device may be able to view sensitive user information
Description: A privacy issue was addressed by removing sensitive data.
CVE-2026-20674: Jacob Prezant (prezant.us)
- Bluetooth
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An attacker in a privileged network position may be able to perform denial-of-service attack using crafted Bluetooth packets
Description: A denial-of-service issue was addressed with improved validation.
CVE-2026-20650: jioundai
- Call History
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A user with Live Caller ID app extensions turned off could have identifying information leaked to the extensions
Description: A logic issue was addressed with improved checks.
CVE-2026-20638: Nils Hanff (@nils1729@chaos.social) of Hasso Plattner Institute
- CFNetwork
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A remote user may be able to write arbitrary files
Description: A path handling issue was addressed with improved logic.
CVE-2026-20660: Amy (amys.website)
- CoreAudio
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CVE-2026-20611: Anonymous working with Trend Micro Zero Day Initiative
- CoreMedia
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing a maliciously crafted file may lead to a denial-of-service or potentially disclose memory contents
Description: The issue was addressed with improved memory handling.
CVE-2026-20609: Yiğit Can YILMAZ (@yilmazcanyigit)
- CoreServices
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to gain root privileges
Description: A race condition was addressed with improved state handling.
CVE-2026-20617: Gergely Kalman (@gergely_kalman), Csaba Fitzl (@theevilbit) of Iru
- CoreServices
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to gain root privileges
Description: A path handling issue was addressed with improved validation.
CVE-2026-20615: Csaba Fitzl (@theevilbit) of Iru and Gergely Kalman (@gergely_kalman)
- CoreServices
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: An issue existed in the handling of environment variables. This issue was addressed with improved validation.
CVE-2026-20627: an anonymous researcher
- dyld
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report.
Description: A memory corruption issue was addressed with improved state management.
CVE-2026-20700: Google Threat Analysis Group
- Game Center
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A user may be able to view sensitive user information
Description: A logging issue was addressed with improved data redaction.
CVE-2026-20649: Asaf Cohen
- ImageIO
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing a maliciously crafted image may lead to disclosure of user information
Description: The issue was addressed with improved bounds checks.
CVE-2026-20675: George Karchemsky (@gkarchemsky) working with Trend Micro Zero Day Initiative
- ImageIO
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing a maliciously crafted image may result in disclosure of process memory
Description: The issue was addressed with improved memory handling.
CVE-2026-20634: George Karchemsky (@gkarchemsky) working with Trend Micro Zero Day Initiative
- Kernel
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to cause unexpected system termination
Description: The issue was addressed with improved memory handling.
CVE-2026-20654: Jian Lee (@speedyfriend433)
- Kernel
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A malicious app may be able to gain root privileges
Description: This issue was addressed with improved checks.
CVE-2026-20626: Keisuke Hosoda
- Kernel
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An attacker in a privileged network position may be able to intercept network traffic
Description: A logic issue was addressed with improved checks.
CVE-2026-20671: Xin'an Zhou, Juefei Pu, Zhutian Liu, Zhiyun Qian, Zhaowei Tan, Srikanth V. Krishnamurthy, Mathy Vanhoef
- LaunchServices
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to enumerate a user's installed apps
Description: The issue was resolved by sanitizing logging.
CVE-2026-20663: Zhongcheng Li from IES Red Team
- libexpat
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing a maliciously crafted file may lead to a denial-of-service
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
CVE-2025-59375
- libxpc
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to break out of its sandbox
Description: A logic issue was addressed with improved checks.
CVE-2026-20667: an anonymous researcher
- Live Captions
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An attacker with physical access to a locked device may be able to view sensitive user information
Description: An authorization issue was addressed with improved state management.
CVE-2026-20655: Richard Hyunho Im (@richeeta) at Route Zero Security (routezero.security)
- Messages
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A shortcut may be able to bypass sandbox restrictions
Description: A race condition was addressed with improved handling of symbolic links.
CVE-2026-20677: Ron Masas of BreakPoint.SH
- Photos
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A person with physical access to an iOS device may be able to access photos from the lock screen
Description: An input validation issue was addressed.
CVE-2026-20642: Dalibor Milanovic
- Sandbox
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to break out of its sandbox
Description: A permissions issue was addressed with additional restrictions.
CVE-2026-20628: Noah Gregory (wts.dev)
- Sandbox Profiles
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: An authorization issue was addressed with improved state management.
CVE-2026-20678: Oscar Garcia Perez, Stanislav Jelezoglo
- Screenshots
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An attacker may be able to discover a user¡Çs deleted notes
Description: A logic issue was addressed with improved state management.
CVE-2026-20682: Viktor Lord Harrington
- Shortcuts
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
CVE-2026-20653: Enis Maholli (enismaholli.com)
- Spotlight
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A sandboxed app may be able to access sensitive user data
Description: The issue was addressed with additional restrictions on the observability of app states.
CVE-2026-20680: an anonymous researcher
- StoreKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to identify what other apps a user has installed
Description: A privacy issue was addressed with improved checks.
CVE-2026-20641: Gongyu Ma (@Mezone0)
- UIKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to bypass certain Privacy preferences
Description: This issue was addressed by removing the vulnerable code.
CVE-2026-20606: LeminLimez
- UIKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An attacker with physical access to iPhone may be able to take and view screenshots of sensitive data from the iPhone during iPhone Mirroring with Mac
Description: An inconsistent user interface issue was addressed with improved state management.
CVE-2026-20640: Jacob Prezant (prezant.us)
- VoiceOver
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An attacker with physical access to a locked device may be able to view sensitive user information
Description: An authorization issue was addressed with improved state management.
CVE-2026-20661: Dalibor Milanovic
- WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A remote attacker may be able to cause a denial-of-service
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 303959
CVE-2026-20652: Nathaniel Oh (@calysteon)
- WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: This issue was addressed through improved state management.
WebKit Bugzilla: 303357
CVE-2026-20608: HanQing from TSDubhe and Nan Wang (@eternalsakura13)
- WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A website may be able to track users through Safari web extensions
Description: This issue was addressed through improved state management.
WebKit Bugzilla: 305020
CVE-2026-20676: Tom Van Goethem
- WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 303444
CVE-2026-20644: HanQing from TSDubhe and Nan Wang (@eternalsakura13)
WebKit Bugzilla: 304657
CVE-2026-20636: EntryHi
WebKit Bugzilla: 304661
CVE-2026-20635: EntryHi
- Wi-Fi
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to cause unexpected system termination or corrupt kernel memory
Description: The issue was addressed with improved memory handling.
CVE-2026-20621: Wang Yu of Cyberserval
