Apple has released iOS 26.4, which brings a bunch of new features, 37 security fixes and mandatory age checks for UK users.
Playlist Playground
Apple Music has a new Playlist Playground feature that lets users create a playlist with a text-based prompt.
In the Apple Music app, there’s an option to type in an idea and get automatic song suggestions for a playlist. Apple has some pre-set suggestions that include “morning coffee music,” “hip-hop party songs,” and “disco songs that defined the 1970s,” but you can type in any idea, mood, or feeling that you wish.
From there, the Playlist Playground feature will automatically generate a list of 25 songs, along with a custom title.
Playlists that you create can be customised further with additional text prompts, and you can select a cover and a description.
Unfortunately, Playlist Playground is currently limited to the United States.
Apple Music
Apple Music features a “Concerts Near You” feature that helps you find shows in your area and tour dates for artists that you’re a fan of. Apple is partnering with companies like Ticketmaster to provide local concert info.
Apple has redesigned albums and playlists, adding full-page artwork.
A song can be added to multiple playlists at the same time in the Apple Music app. In the add to playlist interface, there is a list button, and tapping it allows you to select multiple playlists at the same time.
Offline Music Recognition
In Control Center, the song recognition feature is now able to identify songs without an internet connection, providing results when you’re back online.
Ambient Music Widget
There is a new Ambient Music widget for the Home and Lock Screen. It supports playing different built-in ambient music options for sleep, productivity, wellbeing, and more.
Purchase Sharing
Adult members in a Family Sharing group can now use separate payment methods for purchases, rather than having to share a single payment method.
Apple Podcasts
The Podcasts app will now let users switch between watching and listening to shows, with videos able to be downloaded for offline viewing. HLS ensures smooth playback regardless of network connection, so videos will work on Wi-Fi or cellular.
Apple says that the new video episodes will integrate with existing Apple Podcasts features, including personalised recommendations and editorial suggestions in the New and Category sections.
Stolen Device Protection
Stolen Device Protection is now enabled by default for all iPhone users, rather than being an opt-in feature.
Messages
There are new animations in the Messages app for actions like launching a new conversation.
Camera
In the Settings section of the Camera app, there is a new Audio Zoom toggle. The feature causes recorded audio to focus on the subject when the camera is zoomed while recording a video.
The feature has always been automatically active when necessary, but it can now be turned on or off, depending on the audio settings you prefer.
CarPlay
With iOS 26.4, AI services like Claude, Gemini, and ChatGPT are accessible through the CarPlay system for the first time.
The new integration lets CarPlay users access voice-based apps like ChatGPT to ask questions hands-free, but the apps will not be able to control vehicle or iPhone functions.
There also won’t be a wake word option to activate a third-party app, so users will still need to open the app to use the chatbot. After an app is launched, the customizable voice control screen will give users vehicle-optimized chatbot experiences.
Third-party apps need to implement support for the feature, so it may take some time for the functionality to be available.
Apple Account Unified Design
In the App Store, Apple Music, and other apps that have user settings, there is a new unified Apple Account hub that replaces the existing profile feature.
It offers largely the same functionality as the prior profile settings for each app, but there is a new unified design.
The App Store merges apps and purchase history, and has a dedicated section for app updates. It now takes two taps to get to app updates rather than having them available at the bottom of the profile page.
The App Store’s navigation bar also no longer features Search as a separate button, and the search bar itself is at the top when tapped rather than the bottom.
Improved keyboard accuracy
One important bug fix Apple has fixed in iOS 26.4 is improved keyboard accuracy when typing quickly.
The bug, which had frustrated users, could make characters appear to register on the keyboard without actually being inserted into the text field.
That in turn could affect autocorrect, because missed letters made it harder for the software to predict what a user intended to type.
Wallpaper and Watch Face Gallery
The Wallpaper Gallery has an updated design that allows Wallpapers from each category like Weather, Astronomy, Emoji, Colours and more to be downloaded to the iPhone.
The Watch Face Gallery in the Apple Watch app also features the same design change.
Captions
Subtitle and caption customisation settings are available from the captions icon when viewing media, which makes them easier to access and change.
Freeform Creator Studio
Freeform Creator Studio is now live in iOS 26.4, allowing Creator Studio subscribers to access new Freeform features.
Creator Studio for Freeform adds a dedicated Content Hub that houses the Freeform shape options.
Creator Studio users will be able to access free, high-quality content like graphics, photos, and illustrations that are not available to non-subscribers, plus there are AI capabilities for creating and editing images.
Freeform also has a new icon.
Reminders
The Reminders app has a new “Urgent” section. Reminders that have Urgent toggled on during creation will show up here.
Urgent ensures that reminders have an accompanying alarm so you get a clear warning when a reminder is due.
Reminders can also be marked as urgent from the Quick Toolbar or by touching and holding.
iCloud Web Settings
In the iCloud section of the Settings app, there’s now an “iCloud.com” option. This replaces the simple “Access iCloud Data on the Web” toggle that was previously available.
The setting includes a new “Allow Search” toggle that lets trusted Apple devices provide search results to iCloud.com.
Health App
iOS 26.4 includes a new Average Bedtime metric for the sleep section of the Health app, providing a better idea of how bedtime can impact sleep quality.
Apple has also updated the Vitals section of the Health app in the U.S., and now includes blood oxygen level on the line graph overview that’s available each day.
In iOS 26.3 and earlier versions of iOS 26, there was a section for the blood oxygen level, but the graph did not include a blood oxygen measurement.
Reduce Motion and Bright Effects
There’s a new Reduce Bright Effects option that minimises bright flashes when tapping on interface elements like buttons.
The Reduce Motion setting also more reliably reduces the animations of Liquid Glass for those who prefer less movement.
Hotspot Data
Apple has moved the location of hotspot data usage. Rather than having data usage metrics tucked away under Cellular, you’ll see how much data you’ve used right in the Personal Hotspot section.
Emoji
iOS 26.4 adds eight new emoji characters, including trombone, treasure chest, distorted face, hairy creature (Sasquatch), fight cloud, orca, landslide, and ballet dancer.
There are also new skin tone modifiers for people wrestling and dancers with bunny ears.
Mandatory Age Checks – UK
For users in the United Kingdom, Apple has implemented Mandatory Age Checks. This requires all users to prove their age to change content restrictions and restricts access to other features.
To do this, ID or a credit card could be used as confirmation. Apple doesn’t accept debit cards as proof, as these are available in the U.K. to people under 18.
Security
In total there are 37 security fixes in iOS 26.4, including around six based on WebKit, the heart of the Safari browser. There are another two fixes concerned with audio issues which could lead to crashes, for instance, and one concerned with iCloud and permissions given to apps.
The kernel, central to the iPhone OS, was the target for four more security fixes in this release and could allow bad actors to corrupt the kernel in one case.
Siri was also vulnerable to someone with physical access to a locked device who might be able to view sensitive user information.
There were even fixes for items in the iPhone list of capabilities such as telephony. This could cause “unexpected system termination” or corrupt the kernel.
iOS 26.4 Security Updates
802.1X
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An attacker in a privileged network position may be able to intercept network traffic
Description: An authentication issue was addressed with improved state management.
Accounts
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: An authorization issue was addressed with improved state management.
App Protection
Available for: iPhone 11 and later
Impact: An attacker with physical access to an iOS device with Stolen Device Protection enabled may be able to access biometrics-gated Protected Apps with the passcode
Description: The issue was addressed with improved checks.
Audio
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: A use-after-free issue was addressed with improved memory management.
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An attacker may be able to cause unexpected app termination
Description: A type confusion issue was addressed with improved memory handling.
Baseband
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A remote attacker may cause an unexpected app termination
Description: The issue was addressed with improved checks.
Available for: iPhone 16e
Impact: A remote attacker may be able to cause a denial-of-service
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2026-28875: Tuan D. Hoang and Yongdae Kim @ KAIST SysSec Lab
Calling Framework
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A remote attacker may be able to cause a denial-of-service
Description: A denial-of-service issue was addressed with improved input validation.
Clipboard
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: This issue was addressed with improved validation of symlinks.
CoreMedia
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing an audio stream in a maliciously crafted media file may terminate the process
Description: An out-of-bounds access issue was addressed with improved bounds checking.
CoreUtils
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A user in a privileged network position may be able to cause a denial-of-service
Description: A null pointer dereference was addressed with improved input validation.
Crash Reporter
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to enumerate a user’s installed apps
Description: A privacy issue was addressed by removing sensitive data.
curl
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An issue existed in curl which may result in unintentionally sending sensitive information via an incorrect connection
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
DeviceLink
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: A parsing issue in the handling of directory paths was addressed with improved path validation.
GeoServices
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to access sensitive user data
Description: An information leakage was addressed with additional validation.
iCloud
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to enumerate a user’s installed apps
Description: A permissions issue was addressed with additional restrictions.
ImageIO
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing a maliciously crafted file may lead to unexpected app termination
Description: This is a vulnerability in open source code and Apple Software is among the affected projects. The CVE-ID was assigned by a third party. Learn more about the issue and CVE-ID at cve.org.
Kernel
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to disclose kernel memory
Description: A logging issue was addressed with improved data redaction.
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to leak sensitive kernel state
Description: This issue was addressed with improved authentication.
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to cause unexpected system termination or corrupt kernel memory
Description: The issue was addressed with improved memory handling.
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to cause unexpected system termination or write kernel memory
Description: A use after free issue was addressed with improved memory management.
libxpc
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to enumerate a user’s installed apps
Description: This issue was addressed with improved checks.
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: “Hide IP Address” and “Block All Remote Content” may not apply to all mail content
Description: A privacy issue was addressed with improved handling of user preferences.
Printing
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to break out of its sandbox
Description: A path handling issue was addressed with improved validation.
Sandbox Profiles
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to fingerprint the user
Description: A permissions issue was addressed with additional restrictions.
Security
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A local attacker may gain access to user’s Keychain items
Description: This issue was addressed with improved permissions checking.
Siri
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An attacker with physical access to a locked device may be able to view sensitive user information
Description: The issue was addressed with improved authentication.
Telephony
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A remote user may be able to cause unexpected system termination or corrupt kernel memory
Description: A buffer overflow was addressed with improved bounds checking.
UIFoundation
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: An app may be able to cause a denial-of-service
Description: A stack overflow was addressed with improved input validation.
WebKit
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
Description: This issue was addressed through improved state management.
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may bypass Same Origin Policy
Description: A cross-origin issue in the Navigation API was addressed with improved input validation.
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Visiting a maliciously crafted website may lead to a cross-site scripting attack
Description: A logic issue was addressed with improved checks.
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: Processing maliciously crafted web content may lead to an unexpected process crash
Description: The issue was addressed with improved memory handling.
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A malicious website may be able to access script message handlers intended for other origins
Description: A logic issue was addressed with improved state management.
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A malicious website may be able to process restricted web content outside the sandbox
Description: The issue was addressed with improved memory handling.
WebKit Sandboxing
Available for: iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
Impact: A maliciously crafted webpage may be able to fingerprint the user
Description: An authorisation issue was addressed with improved state management.
iOS 26.4 Supported Devices
- iPhone 17
- iPhone 17 Pro
- iPhone 17 Pro Max
- iPhone Air
- iPhone 16
- iPhone 16 Plus
- iPhone 16 Pro
- iPhone 16 Pro Max
- iPhone 15
- iPhone 15 Plus
- iPhone 15 Pro
- iPhone 15 Pro Max
- iPhone 14
- iPhone 14 Plus
- iPhone 14 Pro
- iPhone 14 Pro Max
- iPhone 13
- iPhone 13 mini
- iPhone 13 Pro
- iPhone 13 Pro Max
- iPhone 12
- iPhone 12 mini
- iPhone 12 Pro
- iPhone 12 Pro Max
- iPhone 11
- iPhone 11 Pro
- iPhone 11 Pro Max
To update to iOS 26.4 go to your iPhone Settings > General > Software Update and install 26.4 as soon as you possibly can.
