Apple Releases iOS 26.4, macOS Tahoe 26.4, watchOS 26.4, visionOS 26.4, and More

Robert / March 24, 2026

Apple has released a full wave of software updates today — iOS 26.4, iPadOS 26.4, macOS Tahoe 26.4, watchOS 26.4, visionOS 26.4, tvOS 26.4, and legacy updates including iPadOS 18.7.7, macOS Sequoia 15.7.5, and macOS Sonoma 14.8.5. It’s a sweeping ecosystem push that arrives six weeks after the 26.3 release and brings new emoji, Apple Music upgrades, a long-awaited Family Sharing fix, and the first signs of Rosetta’s end of life on Mac.

Apple software update — 24rows.com

iOS 26.4 & iPadOS 26.4

The flagship updates for iPhone and iPad land with several quality-of-life improvements and a couple of genuinely fun new features.

8 new emoji are available in the keyboard, including an orca, trombone, landslide, ballet dancer, and distorted face — part of Unicode 16.0. Apple Music gains a Playlist Playground feature that generates playlists from text descriptions: type in a mood, activity, or vibe and the AI builds you a playlist. Family Sharing gets a long-requested fix: adult members can now use their own payment method when making purchases, rather than always routing through the family organizer’s card.

Under the hood, there’s end-to-end encryption for RCS messaging, improvements to Stolen Device Protection activation, and Apple Health adds a new Average Bedtime metric for sleep tracking. The iBoot bootloader has been quietly renamed to mBoot. Keyboard accuracy when typing quickly has also been improved — a small but noticeable fix for fast typists.

Accessibility gets attention too: a new Reduce Bright Effects option minimizes flashing or highlighting during interactions, and the Liquid Glass motion reduction settings have been refined. Wallpaper settings have been redesigned to support optional downloads, saving storage space.

iPadOS 26.4 also brings back the compact tab bar in Safari for those who missed the slimmed-down layout, along with updates to Apple Podcasts’ video experience.

The one thing notably absent: the revamped Siri with deeper app controls that many expected in this update has been delayed again. Bloomberg’s Mark Gurman reports those features are now likely slipping to iOS 26.5 or iOS 27. If you want to know what’s coming down the pipeline, see our WWDC 2026 preview and our earlier iOS 26.4 RC breakdown.

iOS 26.4 is available for all devices running iOS 26 (iPhone 11 and later, iPhone SE 2nd generation and newer).

macOS Tahoe 26.4

macOS Tahoe 26.4 is the most feature-rich desktop update in this cycle. The compact tab bar returns to Safari — it was removed early in Tahoe and many users have been waiting for it to come back. A new Charge Limit feature lets you set a maximum battery charge level anywhere from 80% to 100%, a useful tool for preserving long-term battery health on laptops. Previously you needed a third-party app like AlDente for this.

The eight new emoji characters also come to Mac, and Freeform gains Apple Creator Studio with advanced image creation tools and a premium content library. The Family Sharing payment change is here too.

Perhaps the most significant — and sobering — change: Rosetta 2 deprecation warnings. Starting with macOS 26.4, apps still relying on Rosetta 2 to run on Apple Silicon will display a popup warning that they will stop working after macOS 28. Rosetta support ends after macOS 27. If you have Intel-only apps in your workflow, now is the time to plan ahead. (Note: gaming titles and software running Intel binaries in Linux VMs will retain Rosetta support.)

macOS Tahoe 26 remains the last version of macOS to support Intel-based Macs. macOS 27 will be Apple Silicon only.

macOS Sequoia 15.7.5 & macOS Sonoma 14.8.5

Security and bug fix updates for Macs running Sequoia or Sonoma. If you’re not ready to move to macOS Tahoe, install these to stay current on security patches. The specific CVE details will be posted to Apple’s security releases page shortly.

iPadOS 18.7.7

A security and bug fix update for iPads that cannot run iPadOS 26. This covers older iPad models on the iOS 18 branch. Check Settings → General → Software Update to see if it’s available for your device.

For context on the broader security landscape for older devices, see our coverage of critical legacy security patches for iOS 15.8.7 and 16.7.15.

watchOS 26.4

Apple Watch gets a focused but useful update. The new Average Bedtime metric is added to the sleep features, syncing to the Health app so you can track how your actual bedtime affects overall sleep quality over time.

visionOS 26.4

Apple Vision Pro receives foveated streaming support for apps and games. This technology streams high-resolution video only to the precise area where you’re looking, while compressing the periphery — the result is higher visual quality and lower latency in streaming scenarios. It’s a meaningful step for immersive media on the headset.

tvOS 26.4 & HomePod Software 26.4

Apple TV finally removes the iTunes Movies and iTunes TV Shows apps — they’ve been non-functional for a long time, but they’re now gone entirely. A new Continuous Audio Connection option for HDMI output keeps a persistent audio signal alive rather than rehandshaking when you pause or switch formats. HomePod Software 26.4 ships alongside for cross-device consistency.

How to Update

iPhone / iPad: Settings → General → Software Update
Mac: System Settings → General → Software Update
Apple Watch: Watch app on iPhone → General → Software Update
Apple TV: Settings → System → Software Updates
Apple Vision Pro: Settings → General → Software Update

As always, back up your devices before updating — iCloud for iPhone and iPad, Time Machine for Mac.

Security Fixes in iOS 26.4

Apple has published the full security content for iOS 26.4 and iPadOS 26.4, listing 37 CVEs across the OS. Notably, no zero-days or actively exploited vulnerabilities are present — a cleaner release than 26.2 and 26.3.

High-Severity Highlights

  • App Protection (CVE-2026-28895): An attacker with physical access to an iPhone with Stolen Device Protection enabled may bypass biometrics-gated Protected Apps using only the passcode. iPhone 11 and later.
  • Security / Keychain (CVE-2026-28864): A local attacker may gain access to a user’s Keychain items. Improved permissions checking.
  • Siri (CVE-2026-28856): Physical access to a locked device may expose sensitive user information via Siri.
  • 802.1X (CVE-2026-28865): An attacker in a privileged network position may intercept network traffic. Discovered by Héloïse Gollier and Mathy Vanhoef at KU Leuven — the same team behind the KRACK Wi-Fi attack.
  • Telephony (CVE-2026-28858): A remote user may cause unexpected system termination or corrupt kernel memory via a buffer overflow. Discovered by KAIST SysSec Lab.
  • Baseband (CVE-2026-28874, CVE-2026-28875): Remote attackers may cause app termination. CVE-2026-28875 is specific to iPhone 16e.
  • Mail (CVE-2026-20692): “Hide IP Address” and “Block All Remote Content” settings may not apply to all mail content. Fixed by Nosebeard Labs.

Kernel (4 CVEs)

  • CVE-2026-20698 (DARKNAVY): An app may cause unexpected system termination or corrupt kernel memory.
  • CVE-2026-20687 (Johnny Franks): Use-after-free — an app may write to kernel memory.
  • CVE-2026-28868: An app may disclose kernel memory via a logging issue.
  • CVE-2026-28867 (Jian Lee): An app may leak sensitive kernel state.

WebKit (8 CVEs)

WebKit — the engine powering Safari and all in-app browsers on iOS — received eight patches, including two sandbox escapes:

  • CVE-2026-28859: Malicious website may process restricted web content outside the sandbox.
  • CVE-2026-28861: Malicious website may access script message handlers intended for other origins.
  • CVE-2026-28871: Visiting a crafted website may trigger a cross-site scripting attack.
  • CVE-2026-20643: Same Origin Policy bypass (previously patched in the 26.3.1 Background Security Improvement; now included in the full release).
  • CVE-2026-20665: Content Security Policy may not be enforced on maliciously crafted web content.
  • CVE-2026-20691: Crafted webpage may fingerprint the user. Fixed by Gongyu Ma.
  • CVE-2026-28857 / CVE-2026-20664: Processing malicious web content may crash the process.

Privacy & Data Access

  • CVE-2026-28866 (Clipboard): An app may access sensitive user data via symlinks.
  • CVE-2026-28870 (GeoServices): An app may access sensitive location data.
  • CVE-2026-28876 (DeviceLink): An app may access sensitive user data via a path-handling flaw.
  • CVE-2026-28882 / CVE-2026-28880 / CVE-2026-28833 (libxpc / iCloud): Apps may enumerate a user’s installed apps.
  • CVE-2026-20688 (Printing): An app may break out of its sandbox via a path-handling issue.
  • CVE-2026-28863 (Sandbox Profiles): An app may fingerprint the user.

The full security notes — including macOS Tahoe 26.4, watchOS 26.4, visionOS 26.4, and tvOS 26.4 — are available on Apple’s security releases page.