Apple urges 1.8 billion users to urgently update iOS: critical vulnerabilities discovered.

According to ТСН: Apple has sent an urgent call for 1.8 billion users to update iOS to version 26.2 due to critical "zero-day" vulnerabilities. Attackers have already exploited these gaps, gaining control over devices through malicious websites.

iPhone and iPad owners must update the software

Apple has urged iPhone and iPad owners to urgently update their software to protect their devices from serious cyber threats.

The company reported the discovery of two critical vulnerabilities in WebKit - the browsing engine used in Safari and all browsers on iOS. These issues are part of an "extremely sophisticated attack," targeting individual users.

The danger comes from malicious sites that can force the device to execute unwanted commands, allowing attackers to take control of the iPhone or iPad and run third-party code without the owner's knowledge.

Users with automatic updates enabled have already received the patch. Those who have disabled this feature must manually download iOS 26.2 or iPadOS 26.2 through the settings menu.

The highest risk level has been noted for iPhone 11 and newer models, as well as for iPad Pro with a 12.9-inch screen (from the 3rd generation), iPad Pro 11 inches from the first generation and newer. Among the threats are also iPad Air (3rd generation and newer), iPad (from the 8th generation), and iPad mini (from the 5th generation).

The discovered vulnerabilities belong to the "zero-day" category, meaning that developers were previously unaware of their existence, and hackers could exploit them before the release of fixes.

These issues were identified by a cybersecurity team, including Apple specialists and Google's threat analysis division. They warned that these vulnerabilities could be used for large-scale cyber attacks.

Apple has released an update

Apple also announced the release of updates for iOS 18.7.3, iPadOS 18.7.3, macOS Tahoe 26.2, tvOS 26.2, watchOS 26.2, visionOS 26.2, and browser Safari 26.2.

One of the identified issues is a use-after-free error related to memory management. It was fixed by improving the handling of temporary data, and the vulnerability received the CVE-2025-43529 code.

Another error related to memory corruption was resolved by implementing stricter checks. It is registered under the number CVE-2025-14174.

"For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until an investigation has been conducted, and updates or fixes are available."

Recommendations for iPhone user protection

Cybersecurity expert Kurt Knutsson provided recommendations for protecting iPhone users from similar threats. He emphasized the importance of promptly installing updates, as zero-day attacks often target devices with outdated software. Knutsson advises enabling automatic updates on all Apple devices so that patches are installed immediately after release.

The expert also noted that many WebKit exploits begin with malicious sites, so he recommends avoiding clicks on suspicious links from SMS, WhatsApp, Telegram, or email. If a link arouses suspicion, it's better to manually enter the website address in the browser than to open it with one click.

In Knutsson's opinion, the most effective way to protect against malicious links and data theft attempts is to use antivirus software. Reliable security solutions can also warn about phishing emails and ransomware attacks, helping to safeguard personal data.

Targeted cyber attacks usually start with collecting information about the potential victim. The more personal data is exposed, the easier it is for attackers to choose a target.

Reducing one's visibility online can be achieved by actively managing privacy on social media and deleting data from intermediary resources.

While it is impossible to completely erase information about oneself from the Internet, using services to remove personal data can be a helpful solution. Such services constantly monitor numerous websites and systematically remove personal information.

By reducing the amount of available data, you complicate scammers' ability to combine stolen information with open sources, lowering the risk of becoming a target for an attack.

In conclusion, it is worth noting that earlier insider Jon Prosser published 3D renders of the first foldable iPhone Fold, which is expected to be presented in September 2026. The gadget will feature a book-like design with a main 7.8-inch screen and an external 5.5-inch screen, with the main innovation being the use of liquid metal in the hinge to eliminate the crease on the display.