Date: 2026-01-19

Apple has issued an urgent call for iPhone users to update their devices after discovering two serious security vulnerabilities in WebKit, the engine powering Safari and other web-related content on iPhones. These flaws, exploited in highly sophisticated targeted attacks, put millions of users at risk, especially those using outdated versions of iOS. The tech giant’s warning, released on January 18 and 19, 2026, is a response to growing concerns over spyware campaigns using the vulnerabilities to infiltrate iPhones.

The vulnerabilities, present in WebKit, are tied to the execution of malicious code when users visit compromised websites. Affected users do not need to download any apps to fall victim; simply visiting a malicious site is enough to potentially allow an attacker to take control of parts of the phone. Apple’s security team emphasizes that these bugs could enable remote code execution or lead to memory corruption, making them particularly dangerous for unpatched devices. Users running iOS 26.2 and iPadOS 26.2 are advised to update immediately to avoid exposure.

Slow Update Adoption Poses Risks

Despite the severity of the threat, many iPhone users have been slow to adopt the latest updates. Some reports suggest that the introduction of Apple’s new “Liquid Glass” design in iOS 26.2 has caused performance slowdowns on some devices, leading to hesitance in upgrading. Data from StatCounter shows that adoption of iOS 26.2 has been slower than expected, leaving many devices vulnerable to exploitation. The low adoption rate raises alarm bells, as attackers could easily exploit these flaws, which are already being exploited in the wild.

The vulnerabilities were first patched on December 12, 2025, but security experts warn that without the update, users remain exposed. Pieter Arntz, a researcher at Malwarebytes, emphasized that a restart following the update is crucial. A device reboot helps clear out any “memory-resident malware,” which might otherwise persist. Arntz cautions users against assuming they are not at risk, explaining that even if they have not been directly targeted yet, cybercriminals may still exploit their unpatched systems.

These WebKit flaws are particularly troubling due to their connection to mercenary spyware, software used in targeted attacks against high-profile individuals, including journalists, activists, and business executives. While Apple has not disclosed specific details about the targets, it acknowledged that the vulnerabilities were leveraged in “extremely sophisticated” attacks. Security experts stress that users who may be at higher risk, such as public figures or those involved in sensitive work, should enable Lockdown Mode for enhanced protection.

Rebooting Alone Isn’t Enough

Apple’s guidance remains clear: update to the latest iOS, restart the device, and ensure automatic updates are enabled to protect against future threats. The company stresses the importance of keeping software up to date, but warns that a simple reboot is not a cure-all for persistent malware. The National Security Agency’s mobile security guidelines recommend powering devices off and on weekly, but emphasize that regular updates are the most effective defense against vulnerabilities like the one that has now been exposed in WebKit.

The update is available for iPhone 11 and later models running iOS 26.2, and iPhone XS, XS Max, and XR models on iOS 18.7.3. Apple’s proactive measures are aimed at protecting users from the increasingly sophisticated world of spyware and targeted attacks, but with many users still holding off on updates, the risk of further exploitation remains a pressing concern.