Reprinted from TidBITS by permission; reuse governed by Creative Commons license BY-NC-ND 3.0. TidBITS has offered years of thoughtful commentary on Apple and Internet topics. For free email subscriptions and access to the entire TidBITS archive, visit http://www.tidbits.com/ OS 26.3 Updates Focus on Bug and Security Fixes Adam Engst Apple has released version 26.3 of all its operating systems, a few weeks later than past performance would have predicted. Although the company has telegraphed the upcoming OS 26.4 as the release that will introduce the more personalized Siri, OS 26.3 is still remarkably light on identified changes. The release notes for each update simply say that it 'provides important bug fixes and security updates.' More importantly for most of us, each of these updates addresses a significant number of security vulnerabilities, and Apple also provides security patches for still-supported older versions: * [1]iOS 26.3 and iPadOS 26.3: 37 security vulnerabilities * [2]iOS 18.7.5 and iPadOS 18.7.5: 30 security vulnerabilities * [3]macOS Tahoe 26.3: 53 security vulnerabilities * [4]macOS Sequoia 15.7.4: 30 security vulnerabilities * [5]macOS Sonoma 14.8.4: 36 security vulnerabilities * [6]tvOS 26.3: 14 security vulnerabilities * [7]watchOS 26.3: 16 security vulnerabilities * [8]visionOS 26.3: 25 security vulnerabilities All the OS 26.3 updates address a vulnerability that Apple describes as being exploited 'in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26.' That's the language Apple uses for bugs being exploited by spyware, but even those of us who don't typically worry about state-sponsored attacks would be smart to update soon. Curiously, although Apple says this vulnerability affects versions of iOS before iOS 26, the iOS 18.7.5 release notes make no mention of it. Enterprise Changes Perhaps because system administrators are a more technically demanding audience, Apple saw fit to detail the fixes for several of the updates. In macOS 26.3: * FileVault is correctly enabled for standard users when enforced by a device management configuration during Setup Assistant. * Screen Recording permissions for apps are shown correctly in System Settings when a device management configuration allows them to be enabled by standard users. * Platform SSO login completes successfully when using the User Principle [sic] Name if the identity provider password is changed outside of macOS. In iOS 26.3 and iPadOS 26.3: * Resolved an issue where the Global Address List was not returning search results in Mail and Calendar. * Basic Authentication Exchange accounts added via profile will not get stuck in the new account creation flow when password or S/MIME settings are modified, or when changing how emails are deleted. * The lock screen will be shown on Single App Mode devices when a passcode is set on the device. * Declarative device management software update notifications will not prompt repeatedly prior to the final 24-hour required update window. * New accounts will not be prevented from logging into Shared iPad due to insufficient storage. * Resolved an issue with devices losing communication with some device management services. * The App Store restriction can no longer be bypassed by using Spotlight search or Siri to find and download apps. References 1. https://support.apple.com/en-us/126346 2. https://support.apple.com/en-us/126347 3. https://support.apple.com/en-us/126348 4. https://support.apple.com/en-us/126349 5. https://support.apple.com/en-us/126350 6. https://support.apple.com/en-us/126351 7. https://support.apple.com/en-us/126352 8. https://support.apple.com/en-us/126353 .