Overview
- Apple says targeted, highly sophisticated attacks are exploiting zero‑day flaws in WebKit that can compromise iPhones with zero‑click tactics.
- Patches are available in iOS 26.2 and iPadOS 26.2, with additional releases for macOS, watchOS, tvOS, visionOS, Safari, and iOS/iPadOS 18.7.3 for older devices.
- Security researchers advise restarting devices to flush non‑persistent spyware, though installing the latest software remains the only reliable fix.
- New analyses indicate some adoption metrics undercount iOS 26 because Safari can misreport the OS version, yet many users still have not upgraded.
- Apple and partners, including Google’s Threat Analysis Group, assigned CVEs to the bugs and flagged risk to recent iPhone models and multiple iPad lines.