iOS news: updates, security, and ecosystem

If you follow the world of Apple closely, you'll know that the pace of change in iOS, security and device ecosystem It's constant and, at times, a little dizzying. Between system updates, controversies with the app store, critical vulnerabilities, and high-level certifications, it's not always easy to get a clear picture of what's going on with the iPhone operating system.

In recent weeks, several powerful stories have converged: a new version of iOS focused on stability and performance, a direct conflict between Epic Games and Apple over app distribution, and a worrying report about an exploit kit capable of steal cryptocurrencies from iPhones And, at the same time, confirmation that iPhones and iPads can handle classified NATO information. It may sound contradictory, but it best reflects how security and current events surrounding iOS are evolving today.

Latest iOS news: update 26.3.1 and ecosystem maintenance

Apple maintains a genuine machinery with continuous updates so that all its devices fit together like a puzzle within the ecosystem. The company recently released iOS 26.3.1, a revision that, although it may seem small in version number, has considerable depth in terms of internal refinements and compatibility with the latest hardware.

This version focuses on ensuring that the synchronization between the newest hardware and the system It's sleek and stable. It doesn't arrive alone: ​​it's accompanied by new iterations of iPadOS, macOS, and the Studio Display's specific firmware, demonstrating that Apple's vision remains that of a closed but highly cohesive ecosystem, where every piece of software is tailored to the latest devices.

Xataka and other specialized media outlets highlight that iOS news is no longer limited to just the iPhone: they follow in detail the changes that affect... iPhone, iPad, iOS, Mac and macOSalong with rumors of new releases, release dates, feature leaks, and patches that fix problems from previous versions.

The company reminds users that it is advisable to always stay on the latest version, as fundamental improvements in iOS are usually closely tied to it. security updates and bug fixes that aren't advertised with big headlines but make a difference in everyday use.

Integration with new hardware and stability improvements

The main focus of iOS 26.3.1 is on the improved compatibility with devices and peripherals introduced during the last quarter. Although Apple doesn't go into all the details, the goal is for the connection with accessories and new models to be as automatic and seamless as possible, without the user having to struggle with pairings or complicated configurations.

Work has been done to ensure that integration with this new hardware is the most transparent and efficient possible. In practice, this translates to fewer connection drops, faster accessory recognition, and a more consistent experience across different devices linked to the same iCloud account.

In day-to-day life, one of the most noticeable changes is that the system feels somewhat different. faster when opening applicationsThe adjustment is subtle, but it's especially noticeable with third-party apps that previously took a little longer to load. Furthermore, multitasking has regained some of that fluidity that sometimes diminishes after months of intensive use and successive updates.

Even so, not everything is perfect. Some minor visual errors remain, such as that curious glitch that It causes the wallpaper to lose saturation. under certain lighting or usage conditions. It hasn't disappeared in this revision, so we'll have to wait for future versions to see if it's completely resolved.

Security and storage management in iOS 26.3.1

One of the points that generates the most debate every time Apple releases an update is the total lack of transparency regarding security patchesWith iOS 26.3.1, the company has again opted to publish limited information: for the moment, the detailed list of corrected CVE (Common Vulnerabilities and Exposures) entries has not been offered, which makes it impossible to know exactly which vulnerabilities have been patched.

Although this may frustrate some members of the technical community, the general recommendation from experts remains the same: update as soon as possibleMost critical security fixes arrive through these intermediate versions, even when Apple doesn't detail all the vulnerabilities it has closed.

There's also good news for those running low on storage space. iOS 26.3.1 introduces an optimization of size occupied by the operating system in internal storageApple has slightly reduced the system file size, allowing you to free up a few extra megabytes without the user having to do anything.

Among the specific improvements that have been observed are several technical adjustments that help to free up resources:

• The essential components of the system They now occupy slightly less space in the internal memory of the device.
• The automated cleaning of the cache generated during installationleaving less waste after updating.
• Managing shared libraries and common resources in memory is more efficientso that less data is duplicated.

This “thinning” of the system is especially relevant for the iPhone with lower storage capacityEspecially entry-level models. That small margin gained can make the difference between being able to install a demanding game or having to start deleting photos and videos against the clock.

Battery autonomy, performance, and behavior

Every time a new version of iOS is released, one of the first topics that sparks discussion in forums is the battery life after updateWith iOS 26.3.1, initial analyses point to mixed results depending on the age of the device and how it is used.

In the most modern models, the autonomy remains quite good. stable and without dramatic changesThere is neither a miraculous increase nor a worrying drop: consumption remains in line with previous versions, with predictable behavior both in intensive use and at rest.

However, some users with iPhones from three or four years ago are commenting on a slight reduction in daily battery lifeThis type of initial drop is usually normal: after installing a new version, the system spends time reindexing files, photos, documents and internal data, which can increase consumption for a few days.

Therefore, experts recommend waiting at least a couple of full charging cycles before assessing whether the battery life has actually worsened or if it's just a temporary issue. internal system adjustment processIf after that time the consumption is still skyrocketing, then it might make sense to review settings or consider a clean restore.

Synthetic performance tests confirm that Apple has preferred to focus on the stability under load and temperature control rather than squeezing more raw power out of the system. There aren't any dramatic increases in benchmark scores, but there is a more consistent response when running demanding tasks like video editing or graphically intensive games, reducing processor overheating spikes.

Availability of iOS 26.3.1 and specifics for beta users

iOS version 26.3.1 is now available for download worldwide via OTA (Over The Air) for any iPhone running on iOS 26 or laterSimply go to the system update settings and launch the download from the device itself, without needing to connect it to the computer.

However, there is a special situation for those testing beta versions. Users who have the iOS 26.4 beta You won't see iOS 26.3.1 available as an option within the settings; the beta channel always prioritizes the latest experimental version over intermediate stable builds.

If any beta user experiences serious errors and wants to revert to the stable version 26.3.1, they will have to resort to a manual downgrade process from a computerThis involves connecting the iPhone to a Mac or PC, restoring the firmware, and, in many cases, restoring from a backup. It's not a step to be taken lightly, unless the beta bugs are significantly impacting daily use.

Apple hasn't forgotten about devices that can no longer be updated to branch 26 either. In parallel, it has been published iOS 18.7.6 for older modelsThis version doesn't introduce major new features, but it does include security patches and important fixes to ensure that these devices remain usable and, above all, are protected against recent threats.

With these types of parallel launches, the company is trying to extend the product lifecycle as much as possible. lifespan of iPhones that many users still keepeven though they are no longer on the list of devices compatible with the latest versions of the system.

Epic Games vs Apple: Clash over the App Store and iOS rules

While the operating system continues its update cycle, the battle for control of app distribution on iOS continues. Epic Games, the company responsible for Fortnite and the future Epic Games Store mobile, has publicly denounced that Apple has rejected his proposal for an alternative store for iPhone.

According to Epic, the iOS version of the Epic Games Store was rejected by Apple because it was considered Too similar to the App Store in design and functionality. The Cupertino firm reportedly argued that the proposal violates its internal guidelines, which Epic interprets as an “arbitrary” and “obstructive” decision, especially in light of European Union competition rules.

For Epic, this rejection clashes with the spirit of European regulations that seek Open the iOS ecosystem to alternative stores and distribution methodsThe company maintains that Apple continues to use its dominant position to control which stores can and cannot operate within the system, beyond reasonable security requirements.

The dispute adds to a long list of legal and commercial frictions between the two companies, which began with the Fortnite's removal from the App Store for integrating its own in-app payment system. Since then, the case has become a symbol of the debate about the extent to which Apple can set the rules of the game on its platform.

“Coruna” vulnerability in iOS: an exploit kit to steal cryptocurrencies

While some parts of the system are being reinforced, a report from Google's Threat Intelligence Group (GTIG) has been released revealing a very serious campaign against iPhone users. It involves a set of linked vulnerabilities in iOS, dubbed as “Coruna” by its developerswhich allowed them to take control of the phone and steal cryptocurrencies stored in software wallets.

According to the published data, these vulnerabilities affected iOS versions ranging from the 13 to 17.2.1That is, launched between September 2019 and December 2023. The most worrying thing is that they were actively exploited during 2025 by attackers, without most victims being aware of it.

Apple addressed these flaws in stages, including partial patches in system updates without making a detailed public announcement about the scope of the threat. The first patch related to Coruna appeared in January 2024, but the kit remained operational longer due to other vulnerabilities in the same set that had not yet been fixed.

The cryptocurrency theft linked to these vulnerabilities was detected in late 2025. According to the GTIG report, the campaign targeted users who were using cryptocurrency wallets in app format, taking advantage of weaknesses in both the browser and the internal handling of keys.

Although Google indicates that Coruna is not effective against the latest version of iOS currently available, its analysts are cautious: several of the 23 vulnerabilities that make up this kit They don't yet have a confirmed patch within the public information of the report, so the case is far from being considered completely closed.

How the attack worked and why it affected cryptocurrency wallets

One of the most unsettling aspects of Coruna is that the user didn't have to install anything unusual or click on strange links in suspicious emails. All they had to do was... visit a website that has been compromised so that the attack would begin running in the background, exploiting flaws in the iPhone's browser.

Once that entry point was exploited, the exploit silently took control of the operating system. From there, a malware custom-designed to move around the device, with the ability to inspect notes, photos, and installed applications for sensitive information.

The payload (the part of the code that carries out the theft) was specialized in identifying recovery phrases, private keys, and other financial data related to cryptocurrency wallets. The report mentions that the campaign focused on a specific list of 18 digital wallet applications, including MetaMask, Trust Wallet, Phantom, and Exodus.

Interestingly, the analysis indicates that the focus was on ecosystems such as Ethereum, Solana or TONWhile wallets dedicated exclusively to Bitcoin are not mentioned in the attacked list, the impact is still considerable, given the popularity of the affected ecosystems.

The mechanism was relatively straightforward: the malicious software remained resident in the system and It extracted the keys the moment the user opened their walletIn other words, it waited for the device owner to unlock access by performing a legitimate operation, in order to capture the data at that moment.

Charles Guillemet, CTO of Ledger, emphasizes that, despite having a very advanced hardware component such as the Secure Enclave of the iPhoneMost software wallets don't fully utilize this to protect keys. Even when they do, the keys are exposed to the operating system for as long as the application is open, and it's precisely this window that Coruna exploited.

From espionage tool to instrument of mass theft

Google's study details that the Coruna exploit kit wasn't originally designed to empty cryptocurrency wallets. Initially, it was associated with... ecosystem of commercial surveillance companiesThat is, companies that develop digital espionage tools for governments and state agencies.

Google Threat Intelligence researchers found evidence that Coruna was first used in surveillance operations, including the activity of a spy group linked to Russia against users in Ukraine. It is yet another case of how technical capabilities designed for supposedly controlled environments end up being leaked or reused for purely criminal purposes.

Over time, the same kit or variations of it also ended up being oriented towards direct theft of digital assetsIt has evolved from a targeted espionage tool to an instrument for attacking a much wider audience. Guillemet goes so far as to estimate that "tens of thousands of iPhones" could have been compromised, although that figure does not appear explicitly in Google's report.

The protection recommendations are clear: the only confirmed defense against Coruna is update iOS to the latest version availableFor those who cannot upgrade to the latest version due to hardware limitations, GTIG advises activating Lockdown Mode, which minimizes the attack surface by cutting off advanced system features.

In Guillemet's opinion, this case demonstrates that storing significant amounts of money in software wallets on general-purpose devices It has become an overly fragile security model. Their analysis suggests that this architecture should no longer be considered robust enough, especially against attackers with access to sophisticated exploits like those used by Coruna.

iPhone and iPad approved to handle classified NATO information

On a completely different level, Apple has achieved something that a few years ago would have sounded like science fiction: the Consumer iPhones and iPads have been approved to handle classified information NATO level Restricted in the 32 member countries of the alliance, using iOS 26 and iPadOS 26 without adding extra security hardware.

This means that, under a strict set of conditions and policies, a device purchased in a regular store can be placed on a table where sensitive documents are handled. It doesn't make them equivalent to traditional armored phones, but it does mark a significant shift in how mobile security is understood within the government environment.

The decision comes after iOS and iPadOS underwent a process of comprehensive technical evaluation and security auditsCompatible iPhones and iPads have already been included in NATO's Information Assurance Product Catalog, the official list of approved technology for classified information scenarios.

The certification covers the use of the integrated applications of Mail, Calendar, and ContactsThese are the tools that account for a significant portion of the daily work of civil servants and military personnel. The technical documentation indicates that no additional security layers are required, provided the devices are managed and meet certain requirements.

The German Federal Office for Information Security (BSI) has played a key role. It first approved the use of iPhones and iPads for German government information at the VS NfD level and, following that experience, expanded its testing and analysis to make it possible to extend the assessment to the entire NATO sphereIt's a significant endorsement of Apple's integrated security strategy.

What does the Restricted NATO level really mean, and what changes?

The NATO classification system includes four main levels: NATO Restricted, Confidential, Secret, and Cosmic Top Secret. The level achieved by Apple devices is the lowest on the scale, but it still corresponds to information whose leak would be detrimental to the interests of the alliancealthough it does not reach the level of severe damage of other higher grades.

For an iPhone or iPad to be used in that context, it's not enough to just take it out of the box and set up an email account. It has to be a terminal managed by a device management servicewith security policies activated, mandatory use of Face ID or Touch ID, and strict procedures in case of loss or theft.

In practice, the same iPhone model a person uses at home can be present in an environment where sensitive topics are discussed, but only when integrated into a highly controlled operating framework. It doesn't transform any personal phone into a government "red line," although the symbolic leap into consumer hardware is clear.

This certification relies on mechanisms that Apple has been developing for years: Hardware-level encryption, the secure enclave for safeguarding keys and biometric dataRobust biometric authentication and memory protection features such as Memory Integrity Enforcement, which complicate life for spyware developers.

Ivan Krstić, Apple's head of security engineering and architecture, summarizes the change by recalling that, before the iPhone era, truly secure devices were Tailor-made solutions for governments and large corporationsNow, a large part of those defenses come from the factory to the user who buys a mobile phone in a normal store, with the same technological base on which these allied certifications are based.

Impact on defense, businesses, and advanced users

For defense personnel, diplomats, and other military workers, this approval opens the door to a gradual replacement. part of the old ruggedized terminals through lighter and more convenient consumer hardware, at least for restricted-level communications and documents.

This is the first time that mobile devices aimed at the general public have achieved this type of recognition within the NATO framework, which also strengthens their image in the civilian market. For many companies, even if they will never handle strictly classified documents, this news serves as a a kind of indirect seal of trust about the platform's security.

BSI President Claudia Plattner insists that a truly secure digital transformation is only possible when security is built into the product design, rather than added as an afterthought. Her message aligns with the growing trend of valuing platforms where protection is built-ininstead of relying exclusively on third-party solutions.

At the same time, cybersecurity experts remind us that using very popular devices also expands the attack surfaceThe fact that an iPhone is certified for NATO Restricted does not mean the threat disappears: management policies, regular audits and a strong security culture within organizations remain essential.

For the advanced user and the corporate environment in general, the message is clear: the same device used to check emails on the train to the office also has Useful shortcuts for iOS and with the same basic technical defenses which convince an international military alliance. Meanwhile, incidents like Coruna or disputes like the one with Epic show that the battle for security and control of the iOS ecosystem is far from over.

Today, iOS lives in a kind of tense balance: on the one hand, it adds Updates like version 26.3.1 focus on stability, performance, and resource optimizationOn the other hand, it faces serious challenges such as advanced exploits capable of stealing cryptocurrencies, while its app ecosystem is under pressure from regulators and competitors like Epic. The fact that the iPhone has simultaneously been approved to handle classified NATO information reflects the contrast of a system that has become a prime target for both governments and large corporations, as well as for the most sophisticated attackers, and that forces users to constantly stay up-to-date with the latest versions and best security practices.