Apple sounds the alarm: update your iPhone and iPad NOW!
Apple has rushed out emergency updates after discovering two dangerous security holes in WebKit — the engine behind Safari and every browser on iOS. The company says the flaws were used in a “highly sophisticated” real-world attack aimed at specific targets, not just opportunistic hackers.
WebKit has been a critical part of Apple’s ecosystem since 2003, when it debuted with Safari. Because Apple requires all iOS browsers — including Chrome and Firefox — to use WebKit under the hood, a single flaw can expose hundreds of millions of devices at once, making these vulnerabilities especially valuable to advanced attackers.
If your device loads a malicious webpage, attackers could hijack it — stealing data, injecting code, or silently spying on you. That’s why Apple pushed fixes in iOS 26.2 and iPadOS 26.2 and is urging users to update immediately.
Web-based attacks have surged over the past decade because they require no app install and often no obvious user action beyond opening a link. Similar “drive-by” exploits have previously been used by commercial spyware to infect journalists, activists, and politicians without any visible warning.
Most users with automatic updates are already protected. But if you turned those off? Go to Settings → General → Software Update right now.
Apple introduced automatic security updates in 2012 after criticism that users delayed patching critical flaws. While the feature has dramatically reduced large-scale attacks, millions of users still disable it to avoid storage issues or unexpected restarts — creating an opening for fast-moving exploits.
This isn’t an isolated incident: it’s the seventh zero-day exploit Apple has patched in 2025, highlighting how aggressively attackers are targeting mobile platforms.
A “zero-day” vulnerability is one that’s exploited before the developer even knows it exists. Early smartphones were rarely targeted, but as iPhones became ubiquitous worldwide, mobile zero-days grew more valuable than desktop exploits on the underground market.
Devices at risk include iPhone 11 and newer, plus recent iPad Pro, Air, and mini models — essentially most Apple devices still in everyday use.
Apple typically supports its devices with security updates for six to seven years, far longer than most competitors. That long lifespan protects users, but it also encourages attackers to hunt for bugs that work across many generations of hardware at once.
