Apple warns iPhone users to update to iOS 26 immediately or face cyber risks

On 11 January 2026, Apple warned iPhone users of cyber risks and urged them to update iOS to patch two critical vulnerabilities. The California-based company behind iOS, the iPhone, iPad, and Mac confirmed some iPhones were compromised, with a full fix still unavailable for some users.

Though iOS 26 has been available for almost four months, a 9to5Mac Global iOS version data report states that iOS users have yet to adopt the update. The report shows over 33% of users are still on iOS 18.7, while only 10.6% have already updated to iOS 26.1. These figures are well below the normal adoption rate for new iOS releases.

Unilad reports that the vulnerabilities, identified as CVE-2025-43529 and CVE-2025-14174, affect WebKit, the browser engine on which Safari and other iOS applications run. According to the report, mercenary spyware was targeting iPhones, and updating to iOS 26 is necessary to prevent exposure to the vulnerabilities.

Apple stated in its security update release: 'For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.'

Confirmed Exploitation

Malwarebytes relays that Apple has already confirmed exploitation of these vulnerabilities prior to the release of the patches, and that the fixes were only made available on iOS 26-supported devices. Restarting the iPhone after updating to iOS 26 'flushes' the malware, while the update installs the latest protections on the iPhone.

On top of the disclosures from Apple, there have been reports of two 'zero-day' WebKit vulnerabilities being exploited. In cybersecurity, 'zero-day' means attackers were actively exploiting the flaws before a fix from Apple was available. This could be the worst-case scenario for security.

According to an industry report, the characteristics of the exploitation point to high-value targeting, a pattern that suggests mercenary services were active. Apple confirms there is no workaround to mitigate this risk except to update to iOS 26.

James Maude, Field Chief Technology Officer (FCTO) at BeyondTrust, told Forbes: 'Users should urgently update all impacted Apple devices. It will quickly become a must-have exploit for a range of threat actors.' Meanwhile, Darren Guccione, CEO and Co-founder of Keeper Security, confirmed that installing iOS 26 is the only defence iPhone users have against cyberattacks: 'There's no workaround or user behavior that meaningfully mitigates this risk.'

What iPhone Users Should Do Immediately

Users of the iPhone 11 line onwards can apply this 'fix', shared on Reddit, to ensure their phones are protected:

  1. Update to iOS 26.2 immediately.
  2. Make sure auto-opening web links is disabled.
  3. Flag atypical Safari launch activities and any unusual traffic.
  4. Enable network anomaly detection for device-to-C2 signatures.

Malwarebytes also shared some useful tips to keep users' phones secure:

  • Restart your devices regularly; it is recommended to do this weekly.
  • Refrain from clicking links, opening files, or handing over passwords or verification codes from notifications that may appear to be from Apple or untrusted senders.
  • Consider looking into Apple's Lockdown Mode.
  • Stay vigilant.

The attacks that exploited iPhone vulnerabilities underscore the importance of tightening mobile security. Apple urges its users to take immediate steps, a simple iOS 26 update and a device restart, or risk exposing their devices to malicious attacks.

In the modern world, where cyber attacks can occur almost without warning and keep evolving, users can turn to updates to strengthen their defence.