SAN FRANCISCO, January 19, 2026, 03:30 PST
- Apple said two WebKit flaws fixed in iOS 26.2 may have been used in “extremely sophisticated” targeted attacks
- Tech and security outlets are urging users who delayed iOS 26 to update and reboot devices
- Experts say restarting can disrupt some malware, but patches remain the main fix
Security researchers and consumer tech sites are again urging iPhone users to update to iOS 26.2 and restart their devices, warning that Apple has already patched WebKit bugs used in targeted attacks. The renewed push comes as many users resist iOS 26’s “Liquid Glass” design, slowing adoption and leaving older software in wide use. (Tom’s Guide)
Apple’s security notes for iOS 26.2 and iPadOS 26.2 said processing “maliciously crafted web content” could lead to arbitrary code execution or memory corruption. Apple said it was aware of reports the issues “may have been exploited in an extremely sophisticated attack against specific targeted individuals” running versions of iOS before iOS 26. (Apple Support)
Pieter Arntz, a malware intelligence researcher at Malwarebytes, wrote that Apple patched two WebKit “zero-day” vulnerabilities on Dec. 12 and that restarting a device flushes “memory-resident malware” unless it has gained persistence. “Upgrading requires a restart, which makes this a win-win,” Arntz wrote. (Malwarebytes)
Apple’s security releases page lists iOS 26.2 for iPhone 11 and later, and iOS 18.7.3 for older models including iPhone XS and iPhone XR, both dated Dec. 12, 2025. The company issued patches the same day for macOS, Safari, watchOS, tvOS and visionOS. (Apple Support)
The Independent said the WebKit bugs have been linked to mercenary spyware — commercial surveillance software typically used in tightly targeted hacking campaigns — and that iOS 26 adds protections such as Safari fingerprinting defenses and safeguards against risky wired connections, alongside anti-scam features. (The Independent)
WebKit is Apple’s browser engine, and weaknesses in it can spill beyond Safari into other apps that render web content. A “zero-day” is a flaw exploited before most users have installed a fix, leaving a window where attackers can move fast.
The U.S. National Security Agency has previously urged users to make rebooting routine, saying in a mobile security guide: “Power the device off and on weekly.” That step is not a cure on its own, but it can interrupt attacks that live only in memory until a restart clears them.
Apple tells users to update through Settings > General > Software Update, and says enabling automatic updates is the easiest way to keep fixes coming. “Keeping your software up to date is one of the most important things you can do,” Apple said. (Apple Support)
For people who believe they may be singled out — activists, journalists, executives — Apple also points to Lockdown Mode, an optional “extreme protection” that limits some apps, websites and features to cut the attack surface. Apple says “most people are never targeted by attacks of this nature.” (Apple Support)
Apple has not detailed who was targeted, how the attacks worked, or whether the tools have spread beyond the victims it described. Restarting alone is not a substitute for patching; malware that achieves persistence can return, and users who delay updates stay exposed as new bugs surface.
A Forbes column on Jan. 18 also pushed the “turn it off and on again” message, echoing calls to reboot as iPhone owners weigh whether to move to iOS 26. (Forbes)