OS 26.5 Adds Encrypted RCS Messaging, Fixes Bugs

Apple has released iOS 26.5, iPadOS 26.5, and watchOS 26.5 with a smattering of new features. macOS 26.5 Tahoe, tvOS 26.5, visionOS 26.5, and HomePod Software 26.5 contain only bug fixes, security updates, or performance and stability improvements.

The headline feature in iOS 26.5 is encrypted RCS messaging, which Apple is rolling out in beta for iPhone users on supported carriers. iPhones and iPads also gain Suggested Places in Maps, which Apple says displays recommendations based on “what’s trending nearby and your recent searches.” Forgive my skepticism, but this feature feels like a lead-in to ads in Maps, which absolutely no user has ever asked for.

iOS 26.5 and iPadOS 26.5 also introduce a new Pride Luminance wallpaper that “dynamically refracts a spectrum of colors” and is available for download. watchOS 26.5 adds a new Pride Luminance face that Apple describes in much the same way, and it fixes a bug where Messages could use SMS instead of iMessage when paired with a dual SIM iPhone, and another where Workout app audio alerts could fail to play if the paired iPhone wasn’t nearby. That’s it for the release notes.

End-to-End Encrypted RCS Messaging

One of iMessage’s claims to fame is that all messages are end-to-end encrypted, meaning no one, not even Apple, can decrypt them in transit or at rest. There is one caveat, though. When iCloud Backup and Messages in iCloud are both enabled, Apple controls the encryption key to the Messages backup and could be compelled to decrypt the messages, unless the user has turned on Advanced Data Protection (see “Apple’s Advanced Data Protection Gives You More Keys to iCloud Data,” 8 December 2022).

Regardless, iMessage is far more secure than traditional SMS, which lacks end-to-end encryption and relies on carrier infrastructure that can store, route, and forward messages. As the industry began replacing SMS with RCS (Rich Communication Services), interoperable end-to-end encryption was a notable omission. Google has offered encrypted RCS messaging between Android users in Google Messages for years, but until now, RCS conversations involving iPhone users could not be encrypted.

Apple is now rolling out a beta of end-to-end encrypted RCS messaging for iPhone users running iOS 26.5 with supported carriers and Android users on the latest version of Google Messages. Although the list of supported carriers is quite large, encrypted RCS also requires the latest version of Google Messages on Android—something many users may not have. You can tell if an RCS conversation is end-to-end encrypted by looking for a lock icon and message. Apple says that encryption is on by default and will automatically be enabled over time for existing RCS conversations.

Amusingly, Apple ends its announcement of encrypted RCS messaging with this dig:

iMessage was built with privacy in mind and has always been end-to-end encrypted. It remains the best way to communicate between Apple devices.

Apparently, someone at Apple wants to make sure that adding RCS encryption doesn’t imply that iPhone users should turn off iMessage and go about their lives as green-bubble friends. Frankly, that seems far-fetched, given the ingrained separation of blue and green bubble people.

Security Updates

As always, these updates include numerous fixes for security vulnerabilities, perhaps more than usual, and credit a somewhat higher-than-usual proportion of individual researchers. However, none are zero-day vulnerabilities that are being exploited in the wild. Apple also updated the previous versions of iOS and iPadOS, as well as the last two versions of macOS.

• iOS and iPadOS 26.5: 52 security fixes
• iOS 18.7.9 and iPadOS 18.7.9: 44 security fixes
• macOS 26.5 Tahoe: 69 security fixes
• macOS 15.7.7 Sequoia: 45 security fixes
• macOS 14.8.7 Sonoma: 42 security fixes
• watchOS 26.5: 35 security fixes
• tvOS 26.5: 37 security fixes
• visionOS 26.5: 40 security fixes

I’ve been curious if we would see an increase in the number of acknowledged fixes after Apple joined Anthropic’s Project Glasswing and gained access to the Claude Mythos AI model (see “What Anthropic’s Mythos and Project Glasswing Mean for Your Apple Devices,” 9 April 2026). There’s no specific mention of Mythos in the release notes, but for the first time, several CVEs (Common Vulnerabilities and Exposures, the standard system for cataloging security flaws) credit Claude and Anthropic. Subsequently, Calif.io posted about a macOS kernel memory corruption exploit developed with help from Mythos. We’ll look for Calif.io’s name in future security notes.

CVE-2026-28942: Milad Nasr and Nicholas Carlini with Claude, Anthropic

CVE-2026-28952: Calif.io in collaboration with Claude and Anthropic Research

Unfortunately, iOS 18.7.9 and iPadOS 18.7.9 are available only for the iPhone XS, iPhone XS Max, iPhone XR, and iPad 7th generation—Apple has rescinded the brief reprieve it gave other iOS 18 users who do not want to upgrade to iOS 26 (see “Apple Offers iOS 18.7.7 Security Update as Alternative to iOS 26.4 Upgrade,” 1 April 2026, and “iOS 26.4.2 and iOS 18.7.8 Address Notification Privacy Flaw Highlighted by FBI Case,” 22 April 2026).

Update Advice

The main reason to install these updates sooner rather than later is the security fixes. Encrypted RCS messaging is of course welcome, but since we haven’t had it until now, it’s hard to imagine a few more days without it causing anyone much hardship. So wait until the end of the week to make sure there are no unwelcome surprises that will prompt a quick fix from Apple, then install the updates.