Apple warns of serious iPhone vulnerability; how to stay safe?

Apple has issued a major security warning for iPhone users after uncovering serious vulnerabilities in WebKit, the browser engine that powers Safari and all third-party browsers on iOS, raising concerns about targeted cyberattacks on older versions of the operating system.

According to Apple, the flaws have been actively exploited in what it described as “extremely sophisticated” attacks aimed at specific individuals. The company said the vulnerabilities were used by mercenary spyware operators, a category of highly advanced surveillance tools typically deployed against journalists, activists, political figures and other high-value targets.

In a security advisory, Apple confirmed that the exploits affected versions of iOS prior to iOS 26 and could allow attackers to gain unauthorised access through malicious web content. As a result, the company has strongly urged users of iPhone 11 and newer models to immediately update their devices to iOS 26, which contains critical security patches.

The seriousness of the threat has prompted warnings beyond Apple. According to a report cited by Forbes, as many as 50 per cent of iPhone users have yet to upgrade to iOS 26, despite its availability. The situation has reportedly triggered a warning from US government agencies advising users to install the latest software updates to protect against potential exploitation.

Apple said iOS 26 includes a range of new security enhancements designed to counter advanced threats. These include stronger protections against browser fingerprinting in Safari, new safeguards to block attacks via unsafe wired connections, and expanded anti-scam measures aimed at detecting fraudulent calls and messages in real time.

While Apple did not disclose the identities of the attackers or victims, the company acknowledged that the attacks were highly targeted rather than widespread. However, cybersecurity experts warn that once vulnerabilities become public, they can quickly be repurposed for broader attacks if users delay updates.

Apple has reiterated its advice that users enable automatic updates and install iOS 26 as soon as possible, stressing that timely software upgrades remain one of the most effective defenses against evolving cyber threats.