Apple has released urgent security updates to address a zero-day vulnerability, CVE-2026-28950, affecting its products, including iOS, iPadOS and macOS Tahoe. If exploited, the vulnerability could allow attackers to take control of affected devices.

Security Risks

Successful exploitation of this vulnerability could allow attackers to gain complete control of affected devices, exposing sensitive data and bypassing security protections.

For the full list of security updates released by Apple, please refer to Apple security releases.

Recommended Actions

The National Cyber Security Authority (NCSA) recommends users and system administrators to:

1. Upgrade, as soon as possible, to the latest supported version of installed Apple software in order to continue receiving technical support and security patches.

The following software versions are available for upgrade:

• iOS 26.4.2 and iPadOS 26.4.2: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.

• iOS 18.7.8 and iPadOS 18.7.8: iPhone XR, iPhone XS, iPhone XS Max, iPhone 11 (all models), iPhone SE (2nd generation), iPhone 12 (all models), iPhone 13 (all models), iPhone SE (3rd generation), iPhone 14 (all models), iPhone 15 (all models), iPhone 16 (all models), iPhone 16e, iPad mini (5th generation - A17 Pro), iPad (7th generation - A16), iPad Air (3rd - 5th generation), iPad Air 11-inch (M2 - M3), iPad Air 13-inch (M2 - M3), iPad Pro 11-inch (1st generation - M4), iPad Pro 12.9-inch (3rd - 6th generation), and iPad Pro 13-inch (M4).

• macOS Tahoe 26.4.1: macOS Tahoe

2. Enable background updates or automatic updates

3. Before any update task, ensure you have backup for your data.

For further information and support, please contact the National Cyber Security Authority (NCSA) by emailto rwcsirt@ncsa.gov.rw or call us on 9009.

References

• https://support.apple.com/en-us/100100