Apple has warned all iPhone and iPad users to immediately install the latest updates to protect their devices against a critical threat.
The tech giant said two critical flaws had been discovered in WebKit, the browser engine that powers Safari and all browsers on iOS, describing them as part of a “highly sophisticated attack” targeting certain people.
For users with automatic updates enabled, the patch should already be installed, while others will need to manually download iOS 26.2 or iPadOS 26.2 through their device settings, writes the Daily Mail.
Devices most at risk include iPhone 11 and later, iPad Pro (3rd generation and later), and iPad Pro (1st generation and later).
Other vulnerable models include iPad Air (3rd generation and later), iPad (8th generation and later), and iPad mini (5th generation and later).
Apple also released updates for iOS 18.7.3 and iPadOS 18.7.3, macOS Tahoe 26.2, tvOS 26.2, watchOS 26.2, visionOS 26.2, and Safari 26.2.
The flaws are classified as zero-day vulnerabilities, meaning they were unknown to software developers and could be exploited by hackers before a patch existed.
Security teams, including Apple and Google’s threat analysis group, discovered the vulnerabilities, warning that the bugs could allow potentially devastating cyber attacks.
The risk comes from malicious websites. That means hackers could take control of your iPhone or iPad or run code without the owner’s permission.
It’s a memory management bug that could allow access to already freed data, a problem that Apple has fixed by improving the way the device handles temporary data.
Apple labeled the bug as CVE-2025-43529.
Another, known as the memory corruption bug, was fixed by adding tighter checks to prevent errors. This has been tagged as CVE-2025-14174.
“For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until an investigation has occurred and patches or builds are available,” the tech giant said in a statement.
Cybersecurity expert Kurt Knutsson shared how users can protect themselves from such vulnerabilities.
Knutsson wrote for FOX News that installing updates immediately is crucial because zero-day attacks often rely on catching users by surprise with outdated software.
Enable automatic updates on all Apple devices so that patches are applied as soon as they are released.
That way, even if you miss the announcement, your device remains protected without you having to lift a finger.
Many WebKit exploits start with malicious websites. To stay safe, avoid clicking on unexpected links sent via SMS, WhatsApp, Telegram or email.
If a link looks suspicious, type the website address directly into your browser instead of tapping on it, Knutsson explained.
The most effective way to protect yourself from links that might install malware or steal your personal information is to use antivirus software on all devices.
Good security software can also alert you to phishing and ransomware emails, helping you keep your personal data and digital assets safe.
Targeted attacks often start with profiling, and the more personal information about you available online, the easier it is for attackers to target you.
Limiting your exposure by adjusting your social media privacy settings and removing data from broker sites can help reduce your visibility.
While no service can completely erase your information from the Internet, using a data removal service is a smart choice, Knutsson said.
These services actively monitor and systematically delete your personal information from hundreds of websites.
Although they can be expensive, they provide peace of mind and are one of the most effective ways to protect your privacy.
By minimizing the data available about you, it becomes much more difficult for fraudsters to combine the hacked information with what is public online, reducing the risk of being targeted.
