Urgent iPhone Security Update: Apple Addresses Critical WebKit Vulnerabilities
In a move to bolster iPhone security, Apple has released iOS 26.2, which includes patches for two WebKit zero-day vulnerabilities linked to mercenary spyware. The update, which Apple is actively pushing for iPhone 11 and newer users, is essential to protect devices from targeted attacks.
What Are the Vulnerabilities and Why Are They Dangerous?
The vulnerabilities, discovered in WebKit—the engine behind Safari and many other iOS apps—could allow attackers to execute arbitrary code on a device after exploiting malicious web content. Apple confirmed that these vulnerabilities are already being exploited in the wild, making the update a high-priority task for all users.
While such attacks often target diplomats, journalists, and executives, the risk extends to anyone using an unpatched device. Campaigns targeting high-profile individuals can lead to tooling and exploits leaking or being repurposed, meaning no user is entirely safe from these threats.
Slow Adoption of iOS 26 Leaves Many Vulnerable
Despite the urgency, adoption of iOS 26 has been unusually slow. As of January 2026, only about 4.6% of active iPhones are on iOS 26.2, and roughly 16% are on any version of iOS 26. The majority of users remain on older releases, such as iOS 18, which lack the security fixes and protections found in iOS 26+.
Apple only rolls out critical security patches and new protections, like Memory Integrity Enforcement, on iOS 26 and later for supported devices. Users on older, unsupported devices will not receive these protections, leaving them exposed to ongoing threats.
Why Restarting Your iPhone Is Just as Important
Beyond updating, Apple emphasizes the importance of regularly restarting your device. Restarting flushes any memory-resident malware, unless it has gained persistence. High-end spyware tools often avoid leaving traces needed for persistence and rely on users not restarting their devices.
Updating to iOS 26.2 requires a restart, which serves as a dual benefit: users receive the latest protections, and any lurking malware is cleared in the process.
How to Update and Secure Your iPhone
Check for Updates
To ensure your iPhone is running the latest software, go to Settings > General > Software Update. If an update to iOS 26.2 is available, install it immediately.
Enable Automatic Updates
To avoid missing future patches, turn on Automatic Updates on the same screen. This ensures your device stays protected without manual intervention.
Additional Security Tips
- Restart Weekly: The NSA recommends restarting your device weekly to clear any memory-resident malware.
- Verify Links and Attachments: Do not open unsolicited links or attachments without verifying with the trusted sender. Be wary of phishing attempts.
- Ignore Suspicious Notifications: Apple threat notifications will never ask users to click links, open files, install apps, or provide account passwords or verification codes.
- Be Cautious with Emails: For Apple Mail users, viewing HTML-formatted emails containing malicious web content can pose a risk. Use security tools like Malwarebytes for iOS to add an extra layer of protection.
Conclusion
The release of iOS 26.2 is a critical step in safeguarding iPhone users from sophisticated spyware threats. With slow adoption rates leaving many vulnerable, now is the time to update and restart your device. Stay informed, stay secure, and make it a habit to keep your software current.