SYDNEY, Jan 18, 2026, 21:27 AEDT
- Apple says two WebKit flaws may have been used in “extremely sophisticated” targeted attacks on iOS versions before iOS 26
- The fixes are in iOS 26.2 for newer iPhones and iOS 18.7.3 for older models, according to Apple’s security listings
- Uptake of iOS 26.2 appears patchy in tracking data, leaving a long tail of devices on older software
Apple is urging iPhone users to update and restart their devices after it disclosed fixes for two WebKit vulnerabilities that it said may have been exploited in an “extremely sophisticated” attack against specific targeted individuals on iOS versions before iOS 26. (Apple Support)
The flaws sit in WebKit, the browser engine that powers Safari and handles much of the web content rendered on iPhones. One of the bugs (CVE-2025-43529) could allow “arbitrary code execution” via maliciously crafted web content — in plain terms, an attacker could potentially run code on a device after a user loads hostile web material. (NVD)
That matters now because a meaningful share of the iPhone base still appears to be running older software. StatCounter’s worldwide iOS version data for December showed iOS 26.2 at 1.97%, and the firm warned that iOS 26 was being incorrectly reported as iOS 18.7 and 18.6 in Safari, muddying the picture. (StatCounter Global Stats)
Apple released iOS 26.2 for iPhone 11 and later, and iOS 18.7.3 for devices such as the iPhone XS, XS Max and XR, both on Dec. 12, 2025, its security releases list shows. The same release batch also included updates across Apple’s wider line-up, including Safari 26.2 and newer versions of watchOS, tvOS and visionOS. (Apple Support)
Australian outlet The New Daily highlighted the reboot-and-update push over the past day, describing the activity as targeted hacks and spyware and noting that Google’s Threat Analysis Group worked alongside Apple on the breach. (The New Daily)
Apple’s support guidance says users can update wirelessly by going to Settings, then General, then Software Update, and tapping Download and Install if one is available. “Keeping your software up to date is one of the most important things you can do to maintain your Apple product’s security,” Apple said. (Apple Support)
Pieter Arntz, a malware intelligence researcher at Malwarebytes, wrote that restarting can be a practical stopgap because “when you restart your device, any memory-resident malware is flushed” — unless it has gained persistence. He also warned against complacency: “I’m not a target” is not a viable safety strategy, he wrote. (Malwarebytes)
Still, Apple has not laid out who was targeted or how many devices may have been hit, and restarting is not a substitute for patching. If a device is already compromised and the attacker has a way back in — or if a tool survives reboots — a restart buys time; it doesn’t close the hole.
For most users, the takeaway is blunt: install the latest iOS available for your model, then reboot. Web-based attacks do not need a user to install an app, and the long lag between patch release and uptake is where targeted campaigns tend to find daylight.