iOS 26.4 drops — update now

Apple’s official security advisory for iOS 26.4 lists specific CVE IDs patched and shows many fixes tied to components ranging from Audio and WebKit to 802.1X and the Accounts subsystem, with affected-device ranges often starting at iPhone 11 and later. (support.apple.com) Independent coverage counts roughly 35–37 iPhone-specific vulnerabilities addressed in the build, and Apple’s support pages fold prior Background Security Improvements into the 26.4 release. (9to5mac.com) One notable patch, CVE-2026-28877, closed an authorization gap that could let an attacker with physical access bypass Stolen Device Protection to open biometrics‑gated Protected Apps using the passcode, and CVE-2026-28895 fixes a WebKit use‑after‑free that could be triggered by crafted content. (support.apple.com) Playlist Playground in Apple Music is explicitly described as a beta AI tool that generates a playlist title, description and full tracklist from text prompts, while the update also adds Offline Music Recognition in Control Center and new Ambient Music widgets for Sleep, Chill, Productivity and Wellbeing. (macrumors.com) Emoji changelogs show Apple added new designs including a distorted face, an orca, a Bigfoot‑style cryptid, ballet dancers and a treasure chest, and made a revision to the Puerto Rican flag emoji; some reports note eight entirely new emoji concepts among the overall design set. (blog.emojipedia.org) Install footprints can be large on modern iPhones—Forbes measured a 3.09GB download on an iPhone 17 Pro Max for the public release—and developer channels show the RC build identified as 23E244. (forbes.com) Apple’s 26.4 updates were released across platforms and security trackers aggregate the rollout as part of a broader patch cycle that addresses dozens of issues on multiple OSes—security outlets report more than 80 vulnerabilities fixed across iOS, macOS, watchOS, tvOS and visionOS combined. (arstechnica.com)