Unpatched iPhones Exposed to Real Risk From Safari Flaw — See Which Devices Are Most Affected
A critical Safari/WebKit security flaw is exposing unpatched iPhones to real risk, with older and non-updated models at higher vulnerability

Apple is under attack once again, with the company urging millions of customers to remain on high alert after confirming a serious Safari flaw that leaves unpatched iPhones exposed to sophisticated cyberattacks.
With 2026 already proving a turbulent year for cybersecurity, the warning lands at a time when smartphones have become personal diaries, workstations and digital wallets all rolled into one. Any compromise to iPhone security therefore carries the potential for devastating real-world consequences.
When consumers spend hundreds, and in some cases well over $1,000 (£790.00), on a new iPhone, they do so with the expectation that Apple's famously tight security will protect their data. That trust is now being tested.
Apple says roughly 50% of its 1.8 billion users have yet to update to iOS 26, leaving hundreds of millions of devices potentially exposed to an exploit that requires no clicks, no downloads and no obvious user error.
What Happened and Why iPhones Are at Risk
The attacks are described as zero-click exploits, meaning hackers can take control of a device without the user opening a link or file, says Fox. Once compromised, attackers may harvest personal data, track locations, activate cameras or microphones and, in many cases, commit financial fraud.
Security experts warn that while the initial targets are often high-profile individuals, the wider public inevitably becomes collateral damage.
Late last month, Apple confirmed that two critical zero-day vulnerabilities had been discovered in WebKit, the browser engine that powers Safari and every other iOS browser. According to Apple, these flaws were already being exploited in 'extremely sophisticated' attacks aimed at specific individuals.
WebKit is deeply embedded across iOS, which makes it what security researchers call a 'large attack surface'. Malicious websites were able to exploit the flaw to run harmful code simply by being visited. In practical terms, loading the wrong webpage could have been enough to hand over control of an iPhone or iPad.
Apple patched the vulnerabilities on 12 December 2025, linking them to mercenary spyware campaigns. However, as details of the exploit become public, attackers gain a clearer roadmap for abuse, increasing the urgency for users to update.
Which iPhones Are Affected
The risk is highest for users running older software on newer hardware. Apple has urged anyone with an iPhone 11 or later to upgrade immediately to iOS 26.2 or newer.
The following devices are vulnerable if not updated:
- iPhone 11 and later
- iPad Pro 12.9-inch (3rd generation and later)
- iPad Pro 11-inch (1st generation and later)
- iPad Air (3rd generation and later)
- iPad (8th generation and later)
- iPad mini (5th generation and later)
Worryingly, adoption of iOS 26 has been unusually slow. Complaints about the Liquid Glass redesign and fears of battery drain have discouraged some users from upgrading. Estimates suggest that as of January 2026, just 4.6% of active iPhones are on iOS 26.2, while only 16% are running any version of iOS 26 at all.
How Users Can Protect Themselves
Security firm Malwarebytes says the most important step is to restart and update your device immediately.
'What many people don't realise is that when you restart your device, any memory-resident malware is flushed, unless it has somehow gained persistence', researchers explained. 'High-end spyware tools tend to avoid leaving traces needed for persistence and often rely on users not restarting their devices.'
Malwarebytes recommends restarting the phone at least once a week. Users should also avoid opening unsolicited links or attachments and remember that genuine Apple security alerts will never ask you to click links, install apps or provide passwords or verification codes.
For those who believe they may be a high-value target, or who simply want extra protection, Apple's Lockdown Mode offers an additional layer of defence. Ultimately, though, experts are clear that there is no workaround or safe-browsing habit that fixes this issue. Installing the latest software remains the only effective defence.