Apple warns that millions of iPhones are exposed to attacks
NEWNow you can listen to News articles!
Apple’s iPhone is the most popular smartphone in the United States and one of the most used devices in the world. An estimated 1.6 billion people depend on the iPhone every day. That huge user base also makes the platform a prime target.
For the past few weeks, Apple has been sending out warnings about a serious security flaw. New data suggests the risk could affect about half of all iPhone users.
That potentially puts hundreds of millions of devices at risk right now.
Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.
WHATSAPP WEB MALWARE AUTOMATICALLY SPREADS THE BANKING TROJAN
Apple is warning iPhone users about a serious security flaw in Safari that could leave hundreds of millions of devices vulnerable if updates are delayed. (Thomas Trutschel/Photothek via Getty Images)
What Apple discovered in Safari and WebKit
Late last month, Apple confirmed two critical vulnerabilities in WebKit. WebKit powers Safari and all browsers that run on iOS. According to Apple, the flaws were used in an extremely sophisticated attack that targeted specific individuals. The issue allowed malicious websites to trick iPhones and iPads into running harmful code. Once that happens, attackers could take control of the device, steal passwords, or access payment information. In simple terms, visiting the wrong website might have been enough.
Why millions of iPhones are still exposed
Apple acted quickly to release a fix. The patch is included in the latest software update. The problem is that many people have not installed it yet. Estimates suggest that around 50 percent of eligible users have not upgraded from iOS 18 to iOS 26. That would leave around 800 million devices vulnerable worldwide. StatCounter data paints an even worse picture. It is estimated that only 20 percent of users have updated so far. Once security details become public, the risk grows rapidly. Attackers know exactly what to exploit.
The iPhone and iPad models at highest risk
Apple says the following devices are affected if they are not updated:
- iPhone 11 and later
- iPad Pro 12.9-inch 3rd generation and later
- iPad Pro 11-inch 1st generation and later
- iPad Air 3rd generation and later
- iPad 8th generation and later
- iPad mini 5th generation and later
If your device appears on this list and you haven’t updated it, it is vulnerable.
INSTAGRAM PASSWORD RESET BOOST: PROTECT YOUR ACCOUNT
New data suggests that nearly half of all iPhone users worldwide may still be exposed to a critical WebKit exploit that Apple says was actively used in attacks. (Jakub Porzycki/NurPhoto via Getty Images)
Why updating is the only real protection
There is no flipping setting or safe browsing habit that will fix this problem. The vulnerability lies deep within the browser engine. Security experts say there is no workaround or user behavior that will significantly reduce the risk. Installing the latest software is the only effective defense. Apple is no longer offering a security-only update for users who want to stay on iOS 18. Unless your device can’t run iOS 26, the fix is only available through iOS 26.2 and iPadOS 26.2.
Steps to update your iPhone or iPad now
The update is quick and usually painless. If automatic updates are enabled, the solution may already be installed.
If not, follow these steps:
- Open the Settings app on iPhone
- Tap General
- Select Software update
- Download and install iOS 26.2 or iPadOS 26.2 or later
Make sure your device is connected to Wi-Fi and has enough battery or is plugged in.
Pro Tip: Use Strong Antivirus Software
Keeping your iPhone up to date is essential, but it shouldn’t be your only line of defense. Powerful antivirus software adds another layer of protection by scanning for malicious links, blocking risky websites, and alerting you to suspicious activity before damage is done.
This is even more important when attacks are based on compromised websites or hidden browser vulnerabilities. Security software can help detect sneaky threats and give you additional visibility into what’s happening on your device.
Think of it as backup protection. Software updates close known holes, while powerful antivirus tools help protect against the next one.
Get my picks for the best antivirus protection winners of 2026 for your Windows, Mac, Android, and iOS devices at Cyberguy.com.
FAKE ERROR POPUPS ARE SPREADING MALWARE RAPIDLY
Apple says malicious websites could exploit a Safari flaw to steal passwords or payment information from unpatched iPhones and iPads. (David Paul Morris/Bloomberg via Getty Images)
Kurt’s Key Takeaways
Apple rarely uses language like “extremely sophisticated” unless the threat is serious. This flaw shows how even trusted browsers can become attack paths when updates are delayed. Waiting weeks or months to update now has real consequences. If you use your iPhone for banking, shopping, or working, this update should be considered urgent.
How long do you usually wait before installing important iPhone updates? Is that delay worth the risk? Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE News APP
Sign up to receive my FREE CyberGuy report
Get my best tech tips, urgent security alerts, and exclusive offers delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Guide to Surviving Scams, free when you join me CYBERGUY.COM information sheet.
Copyright 2026 CyberGuy.com. All rights reserved.
Kurt “CyberGuy” Knutsson is an award-winning technology journalist with a deep love for technology, gear and gadgets that improve lives with his contributions to News and News Business since mornings on “News & Friends.” Do you have any technical questions? Get Kurt’s free CyberGuy newsletter, share your voice, a story idea or comment on CyberGuy.com.