Apple has released iOS 18.7.7 and iPadOS 18.7.7, providing a substantial list of security fixes for older devices that do not support the latest iOS 26 operating system.
Available for the iPhone XS, iPhone XS Max, iPhone XR, and the seventh-generation iPad, this maintenance update carries build number 22H333. It arrives alongside today's broader public rollout of iOS 26.4. Users can download the update over the air through the Software Update menu in Settings.
Apple strongly recommends this update for all eligible users, as it addresses over two dozen vulnerabilities across the system, including patches for the kernel, WebKit, and various network protocols.
Here are the security fixes included in the release: • 802.1X: An authentication issue was addressed with improved state management to prevent an attacker in a privileged network position from intercepting traffic (CVE-2026-28865). • AppleKeyStore: A use after free issue was addressed with improved memory management (CVE-2026-20637). • Audio: A use-after-free issue was addressed with improved memory management (CVE-2026-28879). • Clipboard: An issue allowing an app to access sensitive user data was addressed with improved validation of symlinks (CVE-2026-28866). • CoreMedia: An out-of-bounds access issue was addressed with improved bounds checking (CVE-2026-20690). • CoreUtils: A null pointer dereference was addressed with improved input validation (CVE-2026-28886). • Crash Reporter: A privacy issue was addressed by removing sensitive data to prevent apps from enumerating installed apps (CVE-2026-28878). • curl: A vulnerability in open source code was addressed (CVE-2025-14524). • DeviceLink: A parsing issue in the handling of directory paths was addressed with improved path validation (CVE-2026-28876). • Focus: A logging issue was addressed with improved data redaction (CVE-2026-20668). • iCloud: A permissions issue was addressed with additional restrictions (CVE-2026-28880). • ImageIO: A vulnerability in open source code was addressed (CVE-2025-64505). • iTunes Store: A path handling issue was addressed with improved validation, preventing a local attacker from bypassing Activation Lock (CVE-2025-43534). • Kernel: A logging issue was addressed with improved data redaction (CVE-2026-28868). • Kernel: An issue allowing an app to leak sensitive kernel state was addressed with improved authentication (CVE-2026-28867). • Kernel: A use after free issue was addressed with improved memory management to prevent unexpected system termination or kernel memory writing (CVE-2026-20687). • mDNSResponder: An issue allowing an app to leak sensitive kernel state was addressed with improved authentication (CVE-2026-28867). • Security: An issue allowing a local attacker to access Keychain items was addressed with improved permissions checking (CVE-2026-28864). • UIFoundation: A stack overflow was addressed with improved input validation (CVE-2026-28852). • Vision: An issue parsing a maliciously crafted file was addressed with improved memory handling (CVE-2026-20657). • WebKit: An issue preventing Content Security Policy enforcement was addressed through improved state management (CVE-2026-20665). • WebKit: A cross-origin issue in the Navigation API was addressed with improved input validation (CVE-2026-20643). • WebKit: A logic issue was addressed with improved state management to prevent remote attackers from viewing leaked DNS queries with Private Relay turned on (CVE-2025-43376). • WebKit: A logic issue was addressed with improved state management preventing malicious websites from accessing script message handlers intended for other origins (CVE-2026-28861). • WebKit: A logic issue was addressed with improved checks to prevent cross-site scripting attacks (CVE-2026-28871).
Get the iClarified Daily Newsletter
Apple news, rumors, tutorials, price drop alerts, in your inbox every evening, free.
Unsubscribe at any time.
Success!
You have been subscribed.
Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
![Apple Releases macOS Sequoia 15.7.5 and macOS Sonoma 14.8.5 [Download]](/images/news/100324/100324/100324-160.jpg "Apple Releases macOS Sequoia 15.7.5 and macOS Sonoma 14.8.5 [Download]")
![Apple Officially Releases macOS Tahoe 26.4 With New Charge Limit Feature [Download]](/images/news/100319/100319/100319-160.jpg "Apple Officially Releases macOS Tahoe 26.4 With New Charge Limit Feature [Download]")
![Apple Officially Releases watchOS 26.4, tvOS 26.4, and visionOS 26.4 [Download]](/images/news/100318/100318/100318-160.jpg "Apple Officially Releases watchOS 26.4, tvOS 26.4, and visionOS 26.4 [Download]")
![Apple AirTag 4-Pack Drops to $59.99, Just $15 Per Tracker [Deal]](/images/news/100304/100304/100304-160.jpg "Apple AirTag 4-Pack Drops to $59.99, Just $15 Per Tracker [Deal]")
![AirPods Pro 3 Still $199.99 on Amazon ($50 Off) [Deal]](/images/news/100285/100285/100285-160.jpg "AirPods Pro 3 Still $199.99 on Amazon ($50 Off) [Deal]")
![AirPods Pro 3 Drop to $209.99 on Amazon ($40 Off) [Deal]](/images/news/100236/100236/100236-160.jpg "AirPods Pro 3 Drop to $209.99 on Amazon ($40 Off) [Deal]")
![Apple AirTag (1st Gen) 4-Pack Falls to $64 on Amazon [Deal]](/images/news/100218/100218/100218-160.jpg "Apple AirTag (1st Gen) 4-Pack Falls to $64 on Amazon [Deal]")
![Apple's New M5 MacBook Air Drops to $1,049 in Early Amazon Sale [Deal]](/images/news/100206/100206/100206-160.jpg "Apple's New M5 MacBook Air Drops to $1,049 in Early Amazon Sale [Deal]")
