Apple has released iOS 26.2, and this is no routine software update. Tech giant urges all iPhone users to install the update immediately, as the new version fixes as many as 26 security vulnerabilities, of which two are being actively exploited by hackers in real-world attacks.
This urgency with the update has to do with flaws in WebKit, which is an engine running Safari and other browsers on your iPhone. Security at Apple spotted that these vulnerabilities “may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26.” While that might sound like something out of a spy thriller, that is a real threat that could affect any person.
Two WebKit vulnerabilities, identified as CVE-2025-43529 and CVE-2025-14174, together introduce a serious security risk. The first flaw lets attackers run arbitrary code on your device merely by visiting a maliciously crafted website. Think about all the links you click in a day-that’s a lot of potential exposure.
But that’s not all. iOS 26.2 patches a critical vulnerability in the iPhone’s Kernel, listed as CVE-2025-46285. This could allow a malicious app to reach the root privileges of your device. According to Javvad Malik, lead CISO advisor at KnowBe4, if an attacker gets access to your phone’s root level, it “effectively owns it.” They can bypass security mechanisms for all apps, read messages and code, and even hijack banking sessions.
Malik says that once again, “Criminals move fast once vulnerabilities are public patched.” He encourages: “Users should update now from their phone’s settings, and not via links or popups, and encourage their friends and family to do the same.”
Apple Rushes Out iOS 26.2 and 18.7.3 Patches Amid Global Spyware Threat Warnings
The timing of the release of iOS 26.2, though, could not be more apt. Apple recently sent notifications related to cyber threats to users in at least 80 countries, warning them about highly targeted spyware attacks.
While the attack generally targets defined small groups such as dissidents, journalists, and selected businesses, once spyware has hit a device, it can track all your activities, even from conversations in encrypted apps like WhatsApp.
If your iPhone is overheating abnormally, has become very slow, or applications you have never downloaded before magically appear, these might be indications that spyware has infected your iPhone. In this case, security experts recommend taking the nuclear option: wipe the device clean and replace it with a new one. “Restarting your iPhone simply forces the malware to go dormant until it strikes again,”
It turns out that Apple didn’t release iOS 26.2 in a vacuum. The company also issued iOS 18.7.3, fixing 22 flaws including the very same two WebKit vulnerabilities already being actively exploited. This wider issuance of patches proves that even the previous week’s update, iOS 18.7.2, running on older iPhones were also at risk of these attacks.
The fact that Apple patched both iOS 26 and iOS 18 suggests the latest operating system had these vulnerabilities too, though successful attacks against iOS 26 haven’t been reported yet, possibly because they’re more difficult to execute on the newer system.
Why Apple Skipped iOS 26.1.1 and How to Maximize Your iPhone’s Protection?
You might be wondering why Apple didn’t just issue an emergency iOS 26.1.1 update instead of waiting for 26.2.
Well, that’s due to a feature in iOS 26.1 called Background Security Improvements, which will push those critical security patches into your device automatically, in the background. So if you did update to iOS 26.1 already and have it turned on, then your iPhone is already safe from these threats.
This explains why Apple is strongly pushing iOS 26.1 and above as the best update path, rather than keeping users on iOS 18.
The first line of defense: updating to iOS 26.2. Go to Settings, General, and then Software Update, installing the update straight away. Do not wait for your phone to do that; sometimes, automatic updates are not as “instant” as you would want.
Moreover, for extra protection, enable Apple’s Lockdown Mode, a setting that switches on additional layers of protection for high-risk users. Be very observant of quirky behaviors in your iPhone. And remember: when it comes to security updates, procrastination can be expensive.
The bottom line is that those few minutes spent updating your iPhone today could save you from a major security headache tomorrow.
