AppleがiPhoneなど向けiOS 26.5.2とiPadOS 26.5.2をリリース!
Appleは29日(現地時間)、同社が販売するスマートフォン(スマホ)「iPhone」シリーズ向けプラットフォーム「iOS」とタブレット「iPad」シリーズ向けプラットフォーム「iPadOS」の最新バージョン「iOS 26.5.2(23F84)」および「iPadOS 26.5.2(23F84)」を提供開始したとお知らせしています。変更点は脆弱性の修正となっており、セキュリティーアップデートについてはCVEに登録されているKernel関連の脆弱性「CVE-2026-43724」などの37個の脆弱性が修正されているということです。
対象機種はiOS 26.5.2では最新の「iPhone 17e」を含めたiPhone 11シリーズ以降やiPhone SE(第2世代)以降が対象、iPadOS 26.5.2ではiPad(第8世代)以降やiPad mini(第5世代)以降、iPad Air(第3世代)以降、12.9インチiPad Pro(第3世代)以降および11インチiPad Pro(第1世代)以降のiPad Proシリーズが対象で、各製品にて無料で更新可能です。なお、iOS 18の対象機種だったiPhone XSシリーズおよびiPhone XR、iPadOS 18の対象機種だったiPad(第7世代)はそれぞれ対象外となっています。
iPhone向けのiOSやiPad向けのiPadOSの最新メジャーバージョンとして先ごろよりiOS 26.0とiPadOS 26.0が提供開始されていましたが、これらに続けて新機能が追加されたiOS 26.1とiPadOS 26.1、iOS 26.2とiPadOS 26.2、iOS 26.3とiPadOS 26.3、iOS 26.4とiPadOS 26.4、iOS 26.5とiPadOS 26.5が提供されており、その後、iOS 26.5の不具合が修正されたiOS 26.5.1が提供されてきましたが、今回、iOS 26.5.1やiPadOS 26.5の不具合と脆弱性を修正したiOS 26.5.2とiPadOS 26.5.2がリリースされました。iOS 26.5.2およびiPadOS 26.5.2の対象機種は以下の通り。
<iOS 26対応製品>
・iPhone 17e
・iPhone 17
・iPhone 17 Pro
・iPhone 17 Pro Max
・iPhone Air
・iPhone 16e
・iPhone 16
・iPhone 16 Plus
・iPhone 16 Pro
・iPhone 16 Pro Max
・iPhone 15
・iPhone 15 Plus
・iPhone 15 Pro
・iPhone 15 Pro Max
・iPhone 14
・iPhone 14 Plus
・iPhone 14 Pro
・iPhone 14 Pro Max
・iPhone 13
・iPhone 13 mini
・iPhone 13 Pro
・iPhone 13 Pro Max
・iPhone 12
・iPhone 12 mini
・iPhone 12 Pro
・iPhone 12 Pro Max
・iPhone 11
・iPhone 11 Pro
・iPhone 11 Pro Max
・iPhone SE(第3世代)
・iPhone SE(第2世代)
<iPadOS 26対応製品>
・iPad(第8世代)
・iPad(第9世代)
・iPad(第10世代)
・iPad(A16)
・iPad mini(第5世代)
・iPad mini(第6世代)
・iPad mini(A17 Pro)
・iPad Air(第3世代)
・iPad Air(第4世代)
・iPad Air(第5世代)
・11インチiPad Air(M2)
・11インチiPad Air(M3)
・11インチiPad Air(M4)
・13インチiPad Air(M2)
・13インチiPad Air(M3)
・13インチiPad Air(M4)
・11インチiPad Pro(第1世代)
・11インチiPad Pro(第2世代)
・11インチiPad Pro(第3世代)
・11インチiPad Pro(第4世代)
・11インチiPad Pro(M4)
・11インチiPad Pro(M5)
・12.9インチiPad Pro(第3世代)
・12.9インチiPad Pro(第4世代)
・12.9インチiPad Pro(第5世代)
・12.9インチiPad Pro(第6世代)
・13インチiPad Pro(M4)
・13インチiPad Pro(M5)
更新は従来通り各製品本体のみでOTA(On-The-Air)によりダウンロードで行え、方法としては、「設定」→「一般」→「ソフトウェア・アップデート」から行え、単体でアップデートする場合のダウンロードサイズは手持ちのiPhone 15 Pro MaxでiOS 26.5からだと13.58GBとなっています。またiTunesをインストールしたWindowsおよびMacとUSB-Lightningケーブルで接続しても実施できます。なお、Appleが案内しているアップデートの内容およびセキュリティーコンテンツの修正は以下の通り。
iOS 26.5.2
このアップデートには、iPhone用のセキュリティ修正が含まれています。
Appleソフトウェアアップデートのセキュリティコンテンツについては、以下のWebサイトをご覧ください: https://support.apple.com/100100
iPadOS 26.5.2
このアップデートには、iPad用のセキュリティ修正が含まれています。
Appleソフトウェアアップデートのセキュリティコンテンツについては、以下のWebサイトをご覧ください: https://support.apple.com/100100
iOS 26.5.2 and iPadOS 26.5.2
Released June 29, 2026– IOGPUFamily
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to cause unexpected system termination
Description: A race condition was addressed with improved state handling.
CVE-2026-43743: Lyutoon, Dun– Kernel
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to cause unexpected system termination or write kernel memory
Description: The issue was addressed with improved input sanitization.
CVE-2026-43724: Hyunwoo Kim (@v4bel)– Kernel
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to leak sensitive kernel state
Description: The issue was addressed with improved input sanitization.
CVE-2026-43722: Feng Xue and XGPT of ThreatBook, Hyunwoo Kim (@v4bel)– Kernel
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to cause unexpected system termination or corrupt kernel memory
Description: This issue was addressed with improved input validation.
CVE-2026-39868: Vladislav Shevchenko (Positive Technologies), Ye Zhang (@VAR10CK) of Baidu Security, Billy Jheng Bing Jhong and Pan Zhenpeng (@Peterpan0927) of STAR Labs SG Pte. Ltd.– libxslt
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: A double free issue was addressed with improved memory management.
CVE-2026-43706: Tristan Madani (@TristanInSec) from Talence Security– libxslt
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: The issue was addressed with improved memory handling.
CVE-2026-43703: Tristan Madani (@TristanInSec) from Talence Security– Web Extensions
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A malicious web extension may be able to cause an unexpected process crash
Description: A use-after-free issue was addressed with improved memory management.
WebKit Bugzilla: 314642
CVE-2026-43704: dr3dd– WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may disclose sensitive user information
Description: A cross-origin issue was addressed with improved tracking of security origins.
WebKit Bugzilla: 315368
CVE-2026-43700: Vitaly Simonovich, Christian Meurer Xavier– WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A malicious website may exfiltrate data cross-origin
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 313357
CVE-2026-43735: Merrick Hare, Drinor Selmanaj (Sentry), Khai Tran, John Lussier, Rhyru9, Kwak Kiyong, Song Nuri– WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: A use-after-free issue was addressed with improved memory management.
WebKit Bugzilla: 313693
CVE-2026-43734: Jonathan Alush-Aben
WebKit Bugzilla: 313857
CVE-2026-43726: Josef Korbel (Citadelo), Tristan Madani (@TristanInSec) from Talence Security, Gia Bui (@yabeow) from Calif.io, Narendra Singh (@_3P1C)
WebKit Bugzilla: 314398
CVE-2026-43709
WebKit Bugzilla: 317227
CVE-2026-43699: Tommy DeVoss from Braze Security Team (@thedawgyg)
WebKit Bugzilla: 315161
CVE-2026-43742: Юлия Мерцалова– WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may disclose sensitive user information
Description: A path handling issue was addressed with improved validation.
WebKit Bugzilla: 313085
CVE-2026-43732: Nan Wang (@eternalsakura13)– WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to memory corruption
Description: A use-after-free issue was addressed with improved memory management.
WebKit Bugzilla: 314115
CVE-2026-43731: dr3dd
WebKit Bugzilla: 313577
CVE-2026-43715: Milad Nasr and Nicholas Carlini with Claude, Anthropic– WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash
Description: A use-after-free issue was addressed with improved memory management.
WebKit Bugzilla: 313691
CVE-2026-43727: Tommy DeVoss from Braze Security Team (@thedawgyg), Gia Bui (@yabeow) from Calif.io, Gurpreet Shergill– WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A malicious website may be able to process restricted web content outside the sandbox
Description: The issue was addressed with improved input validation.
WebKit Bugzilla: 312832
CVE-2026-43725: Luke Francis– WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 312781
CVE-2026-43663: Soyeon Park, Amy Burnett, Khai Tran, sherkito, Kota Toda, HexRabbit (@h3xr4bb1t) and NiNi (@terrynini38514) of DEVCORE Research Team, Using GLM From Z.AI, Tristan Madani (@TristanInSec) from Talence Security, Brian Carpenter
WebKit Bugzilla: 313528
CVE-2026-39872: Utkarsh Pal, Ignacio Sanmillan (@ulexec)
WebKit Bugzilla: 314235
CVE-2026-43712: Kwak Kiyong, Song Nuri, Tristan Madani (@TristanInSec) from Talence Security– WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 315047
CVE-2026-43716: Tuan and Duc from Calif.io, OpenAI Codex Security – Amy Burnett, Evan Lambert– WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash
Description: An out-of-bounds access issue was addressed with improved bounds checking.
WebKit Bugzilla: 317231
CVE-2026-43676: Mateusz Krzywicki (iVerify.io), dr3dd, Tommy DeVoss from Braze Security Team (@thedawgyg)– WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may result in the disclosure of process memory
Description: The issue was addressed with improved memory handling.
WebKit Bugzilla: 308046
CVE-2026-43740: Nathaniel Oh (@calysteon), Arni Hardarson– WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Visiting a website may leak sensitive data
Description: A permissions issue was addressed with additional restrictions.
WebKit Bugzilla: 314806
CVE-2026-43713: Jody Ritonga– WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A malicious website may exfiltrate data cross-origin
Description: The issue was addressed with improved input validation.
WebKit Bugzilla: 315306
CVE-2026-43708: Behzad Najjarpour Jabbari (@_G4ru_)– WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: A memory corruption issue was addressed with improved memory handling.
WebKit Bugzilla: 315951
CVE-2026-43707: OpenAI Codex Security – Amy Burnett– WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to memory corruption
Description: A type confusion issue was addressed with improved checks.
WebKit Bugzilla: 314528
CVE-2026-43705: dr3dd– WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A malicious website may be able to process restricted web content outside the sandbox
Description: The issue was addressed with improved checks.
WebKit Bugzilla: 315004
CVE-2026-43701: Aaron Grattafiori – NVIDIA AI Red Team– WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash
Description: An out-of-bounds write issue was addressed with improved input validation.
WebKit Bugzilla: 315365
CVE-2026-43745: OpenAI Codex Security – Amy Burnett, Khai Tran– WebKit Canvas
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash
Description: A use-after-free issue was addressed with improved memory management.
WebKit Bugzilla: 313175
CVE-2026-43720: Gia Bui (@yabeow) from Calif.io, Josef Korbel– WebKit Storage
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A malicious website may be able to silently hijack clipboard data
Description: This issue was addressed through improved state management.
WebKit Bugzilla: 313478
CVE-2026-43721: Idan Masas– WebRTC
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: An out-of-bounds access issue was addressed with improved bounds checking.
WebKit Bugzilla: 317324
CVE-2026-28979– WebRTC
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash
Description: A stack overflow was addressed with improved input validation.
WebKit Bugzilla: 313350
CVE-2026-43718: Nan Wang (@eternalsakura13)– WebRTC
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash
Description: A use-after-free issue was addressed with improved memory management.
WebKit Bugzilla: 313351
CVE-2026-43717: Nan Wang (@eternalsakura13)
WebKit Bugzilla: 314090
CVE-2026-43746: dr3dd
■関連リンク
・エスマックス(S-MAX)
・エスマックス(S-MAX) smaxjp on Twitter
・S-MAX – Facebookページ
・iOS 26 関連記事一覧 – S-MAX
・iPadOS 26 関連記事一覧 – S-MAX
・iOS 26 のアップデートについて – Apple サポート (日本)
・iPadOS 26 のアップデートについて – Apple サポート (日本)
・iOS 26.5.2およびiPadOS 26.5.2のセキュリティコンテンツについて – Apple サポート (日本)
・Apple セキュリティアップデート – Apple サポート
コメント