The multinational technology company released the warning as at least 50 percent of its 1.8 billioniPhoneSome users have not upgraded to the latest iOS 26 software, which contains fixes for the most recent security issues.
The company stated that these attacks are very advanced and accurate, frequently using zero-click vulnerabilities that allow hackers to take over a device without the user needing to click on a link, open a file, or perform any action.
If a device becomes compromised, cybercriminals might gain access to private information, monitor a user’s whereabouts, activate cameras and microphones, or carry out financial theft, thereby endangering both privacy and safety.
Cybersecurity professionals are advising these users to ‘take immediate action’ by rebooting their devices, then navigating to Settings, General, and choosing Software Update.
Many people are unaware that restarting your device removes any malware that resides in memory, according to cybersecurity experts from Malwarebytes, unless the malware has established persistence, in which case it will reappear.
Advanced spyware typically avoids creating evidence that ensures long-term presence and often depends on users not rebooting their devices.
Apple launched iOS 26 to the general audience on September 15, 2025.
By January 2026, the majority of iPhone users, reaching as high as 75 percent, have not installed iOS 26, with uptake remaining between approximately 16 percent and 20 percent, much lower than earlier iOS releases.
Industry professionals believed the low number of downloads was due to users being cautious about the new ‘Liquid Glass’ feature, a fresh visual design approach launched with iOS 26 in 2025, which includes transparent, reflective, and interactive interfaces that add dimension and emphasis.
Individuals who have embraced the updated layout have reported it as perplexing and aesthetically disruptive, resulting in negative feedback.
Most iPhones are using iOS 18 because of theextended security support Apple added.
However, the most recent iOS 26 update enhances security by introducing new protections against online tracking in Safari, prevents unsafe wired connections, and includes features to safeguard users from fraudulent calls and messages.
Apple launched a new version of iOS 26 last month, following the discovery of two major vulnerabilities.
The security flaws were identified in WebKit, the browser technology used by Safari and all browsers on iOS, with the company referring to them as part of an ‘exceptionally complex attack’ aimed at particular users.
The danger arises from harmful websites that may deceive your device into running damaging commands.
This implies that cybercriminals could potentially gain control over your iPhone or iPad or execute code without your authorization.
Users who have automatic updates turned on should already have the patch installed, whereas those who haven’t will need to manually download iOS 26.2 or iPadOS 26.2 via their device settings.
Devices that are most vulnerable include the iPhone 11 and newer models, the iPad Pro 12.9-inch (3rd generation and later), and the iPad Pro 11-inch (1st generation and onward).
Other at-risk models consist of the iPad Air (third generation and newer), the iPad (eighth generation and newer), and the iPad mini (fifth generation and newer).
The issues are categorized as zero-day vulnerabilities, indicating they were not known to the developers and could be used by attackers prior to the release of a fix.
Security teams, such as Apple and Google’s Threat Analysis group, identified the vulnerabilities, cautioning that the flaws could lead to highly damaging cyberattacks.
Apple has also issued updates for iOS 18.7.3 and iPadOS 18.7.3, macOS Tahoe 26.2, tvOS 26.2, watchOS 26.2, visionOS 26.2, and Safari 26.2.
A problem known as a use-after-free bug is a memory-related issue that Apple fixed by enhancing the way the device handles temporary data.
Apple designated the vulnerability as CVE-2025-43529.
Another, referred to as a memory corruption vulnerability, was resolved by implementing more rigorous checks to avoid issues. This particular one was designated as CVE-2025-14174.
jasdooit 
Leave a comment