Apple pushed several point releases for its operating systems during April 2026. The notable part is that most of them arrived with no CVE list, which is worth reading carefully because it doesn’t mean the same thing as a bulletin packed with patches.
Here’s the timeline. On April 8, iOS 26.4.1 and iPadOS 26.4.1 went out. The next day, April 9, macOS Tahoe 26.4.1 followed. Later, on April 22, Apple released iOS/iPadOS 26.4.2 alongside iOS/iPadOS 18.7.8 for older hardware (iPhone XS, XR and earlier iPad models that no longer track the 26 branch). On the official security releases page, the first three are marked “This update has no published CVE entries.”
What “no published CVEs” means
An update with no CVEs doesn’t mean it fixes nothing security-related. Apple uses that wording when a release patches minor flaws, stability bugs, or issues whose details haven’t been made public yet. Sometimes the document is updated weeks later with the matching identifiers, once the patches have shipped widely enough. Other times the release is plain maintenance.
To put these updates in context, look at the one before them. macOS Tahoe 26.4 came out on March 24, 2026 and that one did fix several flaws across WebKit, the kernel, Keychain and CUPS. It’s the major branch these .4.1 and .4.2 revisions build on. If you’re coming from an older version, installing 26.4.1 also brings you the accumulated fixes from 26.4.
Who is affected and what to do
Anyone with an Apple Mac, iPhone or iPad on a supported branch. The split between the 26 series and 18.7 is the usual one: modern devices run iOS/iPadOS 26, while devices like the iPhone XS, the XR or earlier iPads get security patches on iOS/iPadOS 18.7. Apple keeps that lane open precisely so hardware that can’t move to the new branch stays protected.
The advice is the same as always: install. Even with no CVEs listed, point releases often include fixes Apple would rather not detail until they’re broadly deployed, and delaying them buys you nothing. On iPhone and iPad, go to Settings, General, Software Update. On Mac, System Settings, General, Software Update. If you manage a fleet through MDM, schedule the rollout the way you would for any minor revision.
It’s also worth noting these releases don’t appear to be tied to any known active exploitation at the time they shipped, unlike the emergency patches Apple puts out when there’s an ongoing attack. That lowers the urgency without removing it: Apple’s pattern of releasing first and documenting later means the detail can arrive after the fact.