MAY 2026 SECURITY PATCH ROUNDUP – Windows, iOS, macOS, Android, Linux

Leave a Comment / Patch Management / By
Patch Management Series logo featuring a metallic shield with two interlocking gears and a digital circuit background.

This month’s roundup covers the latest security updates from Microsoft, Apple, Google, and Ubuntu distributions representing Linux.. Inside you’ll find the new Windows KB release, Apple’s iOS and macOS security fixes, Google’s May Android bulletin, and the current security advisories from Ubuntu. The report outlines the key vulnerabilities addressed across each platform, links directly to the official vendor advisories, and highlights the priority actions worth taking for individuals, businesses, and admins.

Windows Updates – May 2026 Patch Tuesday

Latest cumulative update: KB5089549
OS Builds: 26200.8457 (Windows 11 25H2) / 26100.8457 (Windows 11 24H2)
Release date: 12 May 2026
Key improvements

  • Fix for Netlogon remote code execution (CVE‑2026‑41089)
  • DNS Client heap overflow RCE (CVE‑2026‑41096)
  • Entra ID privilege escalation (CVE‑2026‑41103)
  • Reliability improvements for Hyper‑V networking
  • Updated Wi‑Fi miniport drivers addressing memory corruption
  • Roll‑up of April preview fixes and stability updates

Official Microsoft links

Priority actions

  • Patch domain controllers (Netlogon RCE)
  • Patch DNS‑exposed systems
  • Update Office/Outlook installations
  • Validate Defender platform version

Apple Security Updates – May 2026

Apple released significant security updates across iOS, iPadOS, and macOS this month, addressing dozens of vulnerabilities across kernel, WebKit, sandboxing, and system frameworks.

Release date: 11 May 2026
Security fixes
iOS/iPadOS 26.5 includes 50+ security patches, covering

  • Kernel memory corruption → potential arbitrary code execution
  • WebKit memory safety issues → remote code execution via malicious web content
  • App Intents sandbox escape
  • ImageIO memory corruption
  • Contacts data exposure
  • CoreMedia and CoreGraphics memory handling fixes

Devices

All iPhones and iPads running iOS/iPadOS 26.

macOS Tahoe 26.5

Release date: 11 May 2026

Security fixes

macOS Tahoe 26.5 includes nearly 70 security patches, including:

  • APFS buffer overflow → arbitrary code execution
  • CUPS privilege escalation
  • WebKit RCE vulnerabilities
  • AppleJPEG memory corruption
  • CoreGraphics out‑of‑bounds reads
  • Sandbox escape fixes

Official Apple link

Apple Security Updates

https://support.apple.com/en-au/HT201222

Priority actions

  • Update all iPhones/iPads to iOS/iPadOS 26.5
  • Update macOS systems to Tahoe 26.5
  • Ensure Safari/WebKit patches are applied across all devices
  • If using older hardware: install iOS/iPadOS 18.7.9, released alongside 26.5 for devices that cannot upgrade to iOS 26

Android – May 2026 Security Bulletin

Published: 6 May 2026
Patch levels: 2026‑05‑01 and 2026‑05‑05
Key security vulnerabilities

  • CVE‑2026‑0073 – Critical System RCE (adjacent network)

Affects wireless ADB authentication.

An attacker on the same Wi‑Fi or adjacent network may execute code as the shell user.

This is not an internet‑exposed RCE – it requires local network proximity.

  • Additional high‑severity vulnerabilities across:
    • Framework
    • System
    • Media components
    • Vendor components (Qualcomm, MediaTek, Arm)

Pixel Security Bulletin

Google’s Pixel bulletin includes the same May security patches and vendor‑specific security fixes.

Official Android links

  • Android Security Bulletin

https://source.android.com/docs/security/bulletin

  • Pixel Update Bulletin

https://source.android.com/docs/security/bulletin/pixel

Priority actions

  • Pixel users → install the May security update
  • OEM devices → patch availability varies by manufacturer
  • Admins → assess exposure to CVE‑2026‑0073 (adjacent‑network requirement reduces risk)

Linux – Ubuntu Security Updates

Ubuntu continues to provide the clearest and most consistent security advisory stream, making it the best reference point for Linux patching this month.

Current themes

  • Dirty Frag zero‑day (CVE‑2026‑43284 & CVE‑2026‑43500)
    • Local privilege escalation chain
    • Arbitrary page‑cache write → root access
    • Public exploit code available
    • Security vendors report limited in‑the‑wild exploitation
    • Patches for CVE‑2026‑43284 released May 8
    • Patches for CVE‑2026‑43500 still rolling out
  • Kernel security fixes (memory corruption, privilege escalation)
  • OpenSSL/OpenSSH updates
  • Browser updates (Firefox, Chromium)
  • Updates to systemd, libxml2, ImageMagick
  • Server‑side patches (Samba, Apache, PHP)

Ubuntu – Security Notices (USN)

https://ubuntu.com/security/notices

Priority actions

  • Apply mitigations for Dirty Frag until patched kernels land
  • Patch kernel‑level vulnerabilities promptly
  • Update OpenSSH/OpenSSL
  • Update browsers (Firefox/Chromium)
  • Apply weekly USNs for server‑side packages

Practical Guidance

For individuals

  • Update iPhones/iPads to iOS/iPadOS 26.5
  • Install Windows KB5089549
  • Update Android devices as soon as OEM patches are available

For businesses

  • Prioritise patching domain controllers and DNS servers
  • Patch RDP‑exposed systems
  • Validate macOS fleet compliance

For admins

  • Review MSRC for high‑severity CVEs
  • Confirm Defender platform version
  • Check Linux fleet for kernel + OpenSSH/OpenSSL updates

Explore the full Patch Management Series

Explore The Patch Management Series

APRIL 2026 SECURITY PATCH ROUNDUP – Windows, iOS, macOS, Android, Linux

New Patch Roundup published every Patch Tuesday.

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Subscribe
Subscribe