Apple has released the iOS 26.4 security release notes with a list of security patches addressing over 35 vulnerabilities, including a vulnerability that allowed someone with physical access to an iPhone to bypass biometrically protected apps even without Stolen Device Protection enabled. This issue was resolved after improved checks were made to address the issue. Other notable issues included a bypassing a keychain containing passwords, encryption keys, tokens, and other items stored in the Keychain. A bug that allowed a malicious website process to bypass a sandbox and potentially allowing an app to escape its sandbox was also highlighted. These issues were highlighted by 9to5Mac Security Bite, a weekly column and podcast by Arin Waichulis, a degreed IT professional and third-year security writer.