Apple has issued an urgent security warning to all iPhone and iPad users, urging them to install the latest software updates immediately after discovering two serious vulnerabilities already being used in real-world attacks.
According to Apple, the flaws were found in WebKit, the browser engine behind Safari and every browser on iOS and iPadOS. The company described the exploits as part of an “extremely sophisticated attack” aimed at specific individuals, language Apple rarely uses unless the threat is real and active.
What’s The Risk?
The vulnerabilities could allow malicious websites to run harmful code on a device simply by being visited. In the worst case, attackers could gain control of an iPhone or iPad without the user doing anything more than opening a webpage.
These are so-called zero-day vulnerabilities, meaning hackers were exploiting them before Apple even knew they existed.
Who Can Be Affected?
Apple says the following devices are at risk:
- iPhone 11 and newer
- iPad Pro 11-inch (1st generation and later)
- iPad Pro 12.9-inch (3rd generation and later)
- iPad Air (3rd generation and later)
- iPad (8th generation and later)
- iPad mini (5th generation and later)
Updates are available as iOS 26.2 and iPadOS 26.2, along with security patches for macOS, watchOS, tvOS, visionOS, and Safari.
If you have automatic updates enabled, you may already be protected. If not, Apple strongly recommends updating manually now.
What Went Wrong?
Apple fixed two separate issues:
- A use-after-free bug (CVE-2025-43529), which can allow attackers to manipulate memory
- A memory corruption bug (CVE-2025-14174), which could let malicious code run unchecked
Both issues were discovered with help from Apple’s security teams and Google’s Threat Analysis Group.
As usual, Apple declined to share technical details until patches were released, saying this is done to protect users.
How To Stay Safe
Cybersecurity experts agree the most important step is simple: install updates immediately. Zero-day attacks rely on people running outdated software.
Other smart precautions include:
- Enable automatic updates on all Apple devices
- Avoid clicking unexpected links in messages or emails
- Type website addresses manually if something feels off
- Limit how much personal information is publicly available online
A Reality Check
Here’s the uncomfortable truth: modern smartphones are no longer just phones. They’re wallets, identity vaults, work devices, and personal assistants rolled into one. That makes them extremely valuable targets.
Apple’s security response was fast, and that’s good, but the fact that such advanced attacks are now reaching everyday consumer devices should concern everyone. Staying safe increasingly depends not just on companies patching holes, but on users actually installing those patches.
In 2026, ignoring software updates isn’t just inconvenient, it’s risky.
