San Francisco, Jan 19, 2026, 02:11 (PST)
Apple’s latest iOS 18 security update is only available for a select group of older iPhones, nudging users with iPhone 11 and newer models toward iOS 26.2 for the latest patches. “Keeping your software up to date is one of the most important things you can do to maintain your Apple product’s security,” the company emphasized. (Apple Support)
This is significant because Apple’s newest updates fix two zero-day WebKit vulnerabilities—security flaws exploited before a public patch is out—that can be activated by malicious web content. According to Apple, they are “aware of a report” that these issues “may have been exploited in an extremely sophisticated attack” aimed at certain users running iOS versions earlier than iOS 26. (Apple Support)
The newest software hasn’t taken over yet. According to StatCounter’s latest monthly data, iOS 18.7 accounted for 31.06% of iOS web traffic in December, with iOS 18.6 close behind at 29.58%. Meanwhile, iOS 26.2 lingered at just 1.96%. StatCounter also flagged an odd issue: “Apple are incorrectly declaring iOS 26 as 18.7 and 18.6” in Safari and they’re “working on a fix.” (StatCounter Global Stats)
Tom’s Guide highlighted that iOS 26.2 packs in 25 security patches and pointed out that WebKit, which powers Safari and all other browsers on iOS due to Apple’s policies, means any delay in updating affects a wide range of apps. Adoption estimates vary widely—StatCounter reports around 16%, while app telemetry suggests it’s topped 50%. Some users are hesitating, concerned about the “Liquid Glass” design tweaks and potential battery drain. (Tom’s Guide)
Macworld, in an opinion piece, noted that the pushback against Liquid Glass has been intense enough for Apple to tweak some transparency effects already. It also suggested that sluggish iOS 26 adoption could spell trouble for a company that depends so much on loyal users. The site pointed out, too, that data tracking versions might be underreporting iOS 26 usage. (Macworld)
Malwarebytes researcher Pieter Arntz noted that early targets of advanced spyware campaigns are often “diplomats, journalists, or executives,” but insisted that thinking “I’m not a target” won’t protect you once exploit chains start to spread. He mentioned that rebooting can clear some memory-resident malware unless it has established persistence. Still, he emphasized that updating to iOS 26.2 is the crucial move for newer iPhones. (Malwarebytes)
However, this rollout might hit snags. Should iOS 26.2 introduce bugs or slowdowns affecting a significant number of users, many will hesitate to update — despite the security patches — causing Apple’s update pace to lag outside of official schedules.
Apple is also grappling with a measurement issue. If Safari is inaccurately reporting iOS versions, developers and security teams could be basing their support and risk decisions on unreliable adoption figures, potentially prolonging the lifespan of outdated software.
Apple has usually enjoyed quicker software adoption compared to the Android ecosystem, where Google and manufacturers like Samsung push updates across a broader range of devices. A slower upgrade pace for iPhones erodes that edge, exposing more devices when attackers go after browser code used constantly.
