
Security Bite: What stands out in the iOS 26.4 security release notes

Why This Matters

The iOS 26.4 security update is crucial for both consumers and the tech industry as it patches over 35 vulnerabilities, including a significant bypass vulnerability that could compromise biometric-protected apps. This emphasizes Apple's ongoing commitment to enhancing device security and protecting user privacy amidst increasing cyber threats.


On Tuesday, along with the wide release of iOS 26.4, which had been in beta up until then, Apple dropped a hefty list of security patches addressing over 35 vulnerabilities. While single-point releases usually come with a large number of fixes, there are a handful of notable ones here I want to bring attention to.

Here are the ones that caught my eye.

About Security Bite: The weekly Security Bite column and biweekly podcast is your deep dive into the ever-evolving world of Apple security. Arin Waichulis is a degreed IT professional and third-year security writer at 9to5Mac. Here, Arin takes a bite out of the most critical headlines impacting privacy and security so you can stay better informed.

Stolen Device Protection bypass

This is the biggest one. The vulnerability (CVE-2026-28895) allowed someone with physical access to an iPhone to bypass biometrically protected apps using only the passcode, even with Stolen Device Protection enabled. This means apps gated by the ‘Require Face ID’ option, which users can enable by long-pressing an app icon, could still be accessed using just the device’s passcode.

If you’ve been following Security Bite, I recently broke down new Stolen Device Protection changes back in February, one of which is that Apple now enables the feature by default in iOS 26.4.

The whole point of Stolen Device Protection is in the name. It’s there to make a stolen iPhone useless even if the thief has your passcode.

A bypass like the one above undermines the feature’s premise entirely. Apple says the fix involved improved checks, and the issue is now patched.

If you’re interested in how Stolen Device Protection came to be, here’s the backstory.
