Juli Clover (no release notes, no security, enterprise, no developer, full installer, IPSW):
macOS Tahoe 26.4.1 addresses an issue that could cause the M5 MacBook Air and M5 Pro/Max MacBook Pro models to fail to join 802.1X Wi-Fi networks when using content filter extensions.
See also Mr. Macintosh and Howard Oakley.
Previously:
Update (2026-04-14): macOS 26.4.1 fixes a bug introduced in macOS 26.4 where NSWorkspace.icon(forFile:) didn’t work with custom icons.
Update (2026-04-29): JD Gadina:
macOS 26 no longer draws images in table header cells correctly.
Image size is not respected, resulting in squished images with incorrect aspect ratio.
As a workaround, we store the image in a separate property, so macos doesn’t try to
draw it. We then draw it ourselves, centered in the cell.
Icons Mac macOS Release macOS Tahoe 26 Wi-Fi
Juli Clover (iOS/iPadOS release notes, no security, enterprise, no developer):
According to Apple’s release notes, the software updates contain unspecified “bug fixes.”
Benjamin Mayo:
While the official release notes were vague, a thread on the developer forums indicates it actually fixes a significant bug related to iCloud data syncing.
Developers had noticed that iPhones running 26.4 would stop receiving iCloud change notifications, which impacted cloud data sync for apps that use CloudKit framework, including Apple’s own Passwords app.
[…]
The bug exists on iPadOS 26.4.0 as well, but macOS Tahoe 26.4 was not afflicted by the same issue.
Adam Engst:
Apple, would it kill you to acknowledge what the bug affected in the release notes? Something like, “Fixes an issue where data synced by iCloud may not appear immediately.”
Apple (MacRumors):
Stolen Device Protection will be automatically enabled on devices that update from iOS 26.4 to iOS 26.4.1.
Adam Engst:
I tested this explicitly with my update, turning Stolen Device Protection off before I installed, and checking immediately afterward, where it remained off.
I don’t understand why Apple keeps announcing that it’s doing this and then not actually doing it, or perhaps only doing it for certain users. If, like me, you don’t want Stolen Device Protection, the idea of being opted into it is a bit scary. If you do want it, you may now have a false sense of security unless you check that it was actually enabled.
Previously:
Update (2026-04-14): Akshay Kumar:
Wi-Fi instability remains a widely discussed problem after updating to iOS 26.4.1. The networking stack continues to struggle with maintaining steady connections to local routers, and Apple has yet to officially acknowledge its flaw, leaving users to rely on community troubleshooting.
[…]
- Reports confirm the update resolves the CloudKit/iCloud sync bug, which previously caused outdated or missing data across apps like Passwords.
However, users are still discussing lingering issues:
- Delayed syncing after update
- Temporary mismatch between devices
- Apps needing manual refresh to update data
Nick Heer:
We’re four major updates into iOS 26 and Safari still opens tabs from other apps in random places among open tabs. Too bad this massive company has no time to fix bugs.
I’m still seeing lots of freezes in Safari where the bottom bar gets drawn in the center of the screen, and the whole app stops responding to taps.
CloudKit iOS iOS 26 iOS Release iPadOS iPadOS 26 iPadOS Release Stolen Device Protection Wi-Fi
Thijs Xhaflaire (via Andrew Orr):
Unlike traditional ClickFix campaigns that instruct users to paste commands directly into Terminal, the discovered variant uses a browser-triggered workflow to launch Script Editor.
[…]
- The page leverages an applescript:// URL scheme
- Clicking the “Execute” button invokes this URL scheme from the browser
- The browser prompts the user to allow Script Editor to open
- Once opened, a pre-filled script is presented for execution
[…]
This payload uses base64 encoding combined with gzip compression to obscure its contents before execution.
Previously:
Update (2026-04-13): Wojciech Reguła:
I described this technique on my blog in 2022.
AppleScript Mac macOS Tahoe 26 Malware Security Transparency Consent and Control (TCC) URL Web
