iOS 26.1 brings new features and security fixes

Apple has released iOS 26.1, which brings 56 security updates, along with some new features.

iOS 26.1 lets iPhone users adjust the Liquid Glass transparency effect, expands Apple Intelligence’s Live Translation to more languages, adds new gesture controls and more.

iOS 26.1 New Features

Liquid Glass setting

iOS 26.1 brings a new customisation option under Settings that lets users fine-tune how transparent system elements appear.

Apple says the Liquid Glass feature allows users to choose between the default clear interface and a new tinted mode that increases opacity in apps and Lock Screen notifications, improving text legibility and overall readability.

Lock Screen Swipe

A new control has been added to disable the swipe-to-open Camera shortcut on the Lock Screen.

Located under Settings > Camera > Lock Screen Swipe to Open Camera, this setting helps prevent accidental camera launches from the lock screen.

Live Translation

Apple is broadening the language availability of Apple Intelligence. The Live Translation feature for AirPods now supports additional languages including Chinese (simplified and traditional), Italian, Japanese, and Korean.

Apple Music

The Apple Music MiniPlayer now supports swipe gestures for skipping to the next or previous track.

Meanwhile, Apple Music AutoMix — which automatically blends tracks for continuous playback — can now be used via AirPlay.

Local Capture

Apple has added new options for users recording audio using external USB microphones.

There’s now control over gain levels, and a new Local Capture section in Settings lets users select where locally captured audio files are stored.

Other Features

Additional refinements include manual workout logging in the Fitness app, improved FaceTime audio performance under low-bandwidth conditions, and updated branding for the Apple TV app with a new logo and animation.

Users will also find a new “slide to stop” gesture for quickly stopping alarms and timers.

iOS 26.1 Security Updates

Some of the issues fixed in iOS 26.1 are quite serious, although none are known to have been exploited in attacks, yet.

Among the issues patched in iOS 26.1 are multiple flaws in WebKit, the engine that underpins the Safari browser. Tracked as CVE-2025-43495, one of the flaws could see an app able to monitor keystrokes without user permission.

iOS 26.1 fixes a flaw in the Kernel at the heart of the iOS operating system could see an app able to cause unexpected system termination.

Apple’s iOS 26.1 also fixes a flaw in its Stolen Device Protection tracked as CVE-2025-43422, which could see an attacker with physical access to a device able to disable Stolen Device Protection.

iOS 26.1 re-introduces Rapid Security Response updates under a new name, Background Security Improvements. These “updates” should be separate from other bug fixes and feature upgrades, meaning Apple will patch holes in your iPhone as soon as they are discovered.

Accessibility

Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to identify what other apps a user has installed

Description: A permissions issue was addressed with additional restrictions.

Apple Account

Impact: A malicious app may be able to take a screenshot of sensitive information in embedded views

Description: A privacy issue was addressed with improved checks.

Apple Neural Engine

Impact: An app may be able to cause unexpected system termination or corrupt kernel memory

Description: The issue was addressed with improved memory handling.

Apple TV Remote

Impact: A malicious app may be able to track users between installs

Description: The issue was addressed with improved handling of caches.

AppleMobileFileIntegrity

Impact: An app may be able to access protected user data

Description: This issue was addressed with improved validation of symlinks.

Assets

Impact: An app may be able to break out of its sandbox

Description: This issue was addressed with improved entitlements.

Audio

Impact: An attacker with physical access to an unlocked device paired with a Mac may be able to view sensitive user information in system logging

Description: A logging issue was addressed with improved data redaction.

Camera

Impact: An app may be able to learn information about the current camera view before being granted camera access

Description: A logic issue was addressed with improved checks.

CloudKit

Impact: An app may be able to break out of its sandbox

Description: This issue was addressed with improved validation of symlinks.

Contacts

Impact: An app may be able to access sensitive user data

Description: A logging issue was addressed with improved data redaction.

Control Center

Impact: An attacker may be able to view restricted content from the lock screen

Description: A permissions issue was addressed with additional restrictions.

CoreServices

Impact: An app may be able to enumerate a user’s installed apps

Description: A permissions issue was addressed with additional restrictions.

CoreText

Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory

Description: An out-of-bounds read was addressed with improved input validation.

FileProvider

Impact: An app may be able to access sensitive user data

Description: An authorization issue was addressed with improved state management.

Find My

Impact: An app may be able to fingerprint the user

Description: A privacy issue was addressed by moving sensitive data.

Installer

Impact: An app may be able to fingerprint the user

Description: A permissions issue was addressed with additional restrictions.

Kernel

Impact: An app may be able to cause unexpected system termination

Description: The issue was addressed with improved memory handling.

libxpc

Impact: A sandboxed app may be able to observe system-wide network connections

Description: An access issue was addressed with additional sandbox restrictions.

Mail Drafts

Impact: Remote content may be loaded even when the ‘Load Remote Images’ setting is turned off

Description: The issue was addressed by adding additional logic.

MallocStackLogging

Impact: An app may be able to access sensitive user data

Description: An issue existed in the handling of environment variables. This issue was addressed with improved validation.

Model I/O

Impact: Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory

Description: An out-of-bounds access issue was addressed with improved bounds checking.

Multi-Touch

Impact: A malicious HID device may cause an unexpected process crash

Description: The issue was addressed with improved bounds checks.

Notes

Impact: An app may be able to access sensitive user data

Description: A privacy issue was addressed by removing the vulnerable code.

On-device Intelligence

Impact: An app may be able to fingerprint the user

Description: A privacy issue was addressed by removing sensitive data.

Photos

Impact: An app may be able to access sensitive user data

Description: A privacy issue was addressed with improved handling of temporary files.

CVE-2025-43391: Asaf Cohen

Safari

Impact: Visiting a malicious website may lead to address bar spoofing

Description: The issue was addressed with improved checks.

Safari

Impact: Visiting a malicious website may lead to user interface spoofing

Description: An inconsistent user interface issue was addressed with improved state management.

Impact: An app may be able to bypass certain Privacy preferences

Description: A privacy issue was addressed by removing sensitive data.

Sandbox Profiles

Impact: An app may be able to access sensitive user data

Description: A privacy issue was addressed with improved handling of user preferences.

Siri

Impact: A device may persistently fail to lock

Description: This issue was addressed through improved state management.

Status Bar

Impact: An attacker with physical access to a locked device may be able to view sensitive user information

Description: A logic issue was addressed with improved checks.

Stolen Device Protection

Available for: iPhone 11 and later

Impact: An attacker with physical access to a device may be able to disable Stolen Device Protection

Description: The issue was addressed by adding additional logic.

Text Input

Impact: Keyboard suggestions may display sensitive information on the lock screen

Description: This issue was addressed by restricting options offered on a locked device.

WebKit

Impact: A malicious website may exfiltrate data cross-origin

Description: The issue was addressed with improved checks.

Impact: Processing maliciously crafted web content may lead to an unexpected process crash

Description: This issue was addressed through improved state management.

Impact: Processing maliciously crafted web content may lead to an unexpected process crash

Description: This issue was addressed with improved checks.

Impact: Processing maliciously crafted web content may lead to an unexpected process crash

Description: The issue was addressed with improved memory handling.

Impact: Processing maliciously crafted web content may lead to an unexpected process crash

Description: This issue was addressed with improved checks

Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash

Description: A use-after-free issue was addressed with improved memory management.

Impact: An app may be able to monitor keystrokes without user permission

Description: The issue was addressed with improved checks.

Impact: Processing maliciously crafted web content may lead to memory corruption

Description: The issue was addressed with improved memory handling.

Impact: Processing maliciously crafted web content may lead to an unexpected process crash

Description: A use-after-free issue was addressed with improved memory management.

Impact: Processing maliciously crafted web content may lead to an unexpected process crash

Description: A buffer overflow was addressed with improved bounds checking.

Impact: Processing maliciously crafted web content may lead to an unexpected process crash

Description: Multiple issues were addressed by disabling array allocation sinking.

WebKit Canvas

Impact: A website may exfiltrate image data cross-origin

Description: The issue was addressed with improved handling of caches.

iOS 26.1 Supported Devices

iPhone 17
iPhone 17 Pro
iPhone 17 Pro Max
iPhone Air
iPhone 16
iPhone 16 Plus
iPhone 16 Pro
iPhone 16 Pro Max
iPhone 15
iPhone 15 Plus
iPhone 15 Pro
iPhone 15 Pro Max
iPhone 14
iPhone 14 Plus
iPhone 14 Pro
iPhone 14 Pro Max
iPhone 13
iPhone 13 mini
iPhone 13 Pro
iPhone 13 Pro Max
iPhone 12
iPhone 12 mini
iPhone 12 Pro
iPhone 12 Pro Max
iPhone 11
iPhone 11 Pro
iPhone 11 Pro Max
iPhone Xs
iPhone XS Max

As normal, to update to iOS 26.1 go to your iPhone Settings > General > Software Update and install 26.1 as soon as you possibly can.

iOS 26.1 brings new features and security fixes

iOS 26.1 New Features

Liquid Glass setting

Lock Screen Swipe

Live Translation

Apple Music

Local Capture

Other Features

iOS 26.1 Security Updates

Accessibility

Apple Account

Apple Neural Engine

Apple TV Remote

AppleMobileFileIntegrity

Assets

Audio

Camera

CloudKit

Contacts

Control Center

CoreServices

CoreText

FileProvider

Find My

Installer

Kernel

libxpc

Mail Drafts

MallocStackLogging

Model I/O

Multi-Touch

Notes

On-device Intelligence

Photos

Safari

Safari

Sandbox Profiles

Siri

Status Bar

Stolen Device Protection

Text Input

WebKit

WebKit Canvas

iOS 26.1 Supported Devices

iOS 26.0.1 brings bug fixes and security update

Apple releases ios 26 with Liquid Glass and more

Rapid Newsletters