Apple is racing to contain a critical security crisis that has left hundreds of millions of iPhones exposed to stealthy, highly capable attacks. The company has confirmed that sophisticated hackers are actively exploiting flaws in its browser engine and related components to silently compromise devices, even when users think they are browsing safely. The stakes are simple and stark: if you own an iPhone or iPad, your data, messages and even financial accounts may be at risk unless you update and change your habits now.
What is unfolding is not a theoretical bug or a niche research finding. Apple has acknowledged that real attackers are chaining together vulnerabilities to seize control of devices, install spyware and potentially siphon off everything from photos to authentication codes. Security researchers describe a threat that cuts across models and price points, from the latest flagship to older handsets that many people still treat as a trusted daily product.
What Apple has confirmed about the new iPhone attacks
Apple has taken the unusual step of publicly warning that millions of iPhones are exposed to live exploitation through a critical flaw in Safari’s underlying engine. The company has said that the vulnerability sits deep inside WebKit, the browser core that powers Safari and many in-app web views, and that simply visiting a booby-trapped website could be enough to trigger a compromise on an unpatched device, a risk that has been described as affecting hundreds of millions of users worldwide who have not yet installed the latest fixes Safari. Security specialists who have reviewed the technical details say there is no meaningful way for ordinary users to browse their way around this bug, because the malicious code executes before any warning signs appear.
Behind the scenes, Apple has already shipped patches that are designed to close these holes, bundling them into the most recent iOS and iPadOS releases and urging customers to install the update immediately. The company’s own security documentation for iOS 26.2 and iPadOS 26.2 notes that the fixes cover components such as AppleJPEG and networking tools like curl, and that they apply to a wide range of devices, including iPhone 11 and later and iPad Pro 12.9-inch 3rd generation and later, as well as iPad Pro 11-inch 1st generation and later, under a section explicitly labeled Available for. Apple’s broader advisory on the same page underscores that these are not routine stability tweaks but critical security content that should be treated as urgent by anyone who relies on their phone for sensitive communication support.
Inside the ‘sophisticated’ WebKit and spyware campaigns
What makes this wave of attacks so alarming is the level of sophistication involved and the way it targets the very heart of how iPhones browse the web. Apple has acknowledged that at least two serious WebKit vulnerabilities have been exploited in what it describes as sophisticated targeted attacks, with the bugs allowing remote code execution and memory corruption that can give an intruder deep control over a device once triggered Key Points. In practical terms, that means a carefully crafted page can quietly force an iPhone to run attacker-supplied instructions, bypassing the protections that many users assume make iOS uniquely safe.
These WebKit exploits are not happening in isolation. Separate reporting describes how millions of iPhone owners are at risk of having spyware installed if they fail to upgrade, with the malicious tools designed to burrow into the operating system and monitor activity over time While the. Apple has also been sending direct threat notifications to people it believes are being singled out by advanced operators, warning that victims in 100 countries have been targeted by what it bluntly calls an “iPhone spying attack” and urging recipients to “please take it seriously” when they see the alert on their devices 100. Together, these details paint a picture of a platform under sustained pressure from attackers who are willing to invest heavily in bypassing Apple’s defenses.
Why millions remain exposed despite available fixes
Even as Apple rushes out patches, a large share of the iPhone base is still running older software, which leaves the door wide open for attackers who move faster than users update. Reports from security researchers note that adoption of iOS 26 has been unusually slow, and that as of January only about 4.6% of active iPhones are on iOS 26.2, the version that contains the latest round of critical fixes 4.6%. That lag creates a massive attack surface, because the vast majority of devices are still running code that Apple and independent analysts now know can be bent into executing harmful instructions.
Apple itself has been unusually blunt about the scale of the problem, with one widely cited warning describing 800 million iPhone users as being in the crosshairs of this new wave of exploits Kevin Harrish. Another analysis of the Safari flaw estimates that roughly half of all iPhone users could be affected if they do not update, because the bug touches such a fundamental part of the browsing stack that it cuts across regions and demographics half. When I look at those numbers, the conclusion is unavoidable: the biggest vulnerability right now is not a line of code, it is the gap between how quickly attackers adapt and how slowly many of us tap “Install Now” when a security update appears.
How the attacks work and what hackers are after
Technically, the current wave of iPhone attacks revolves around tricking the device into treating hostile content as trusted instructions. In the case of the WebKit flaw, the vulnerability lives deep inside the browser engine, which means that a malicious website can feed specially crafted data into Safari or any app that uses embedded web views and cause the engine to mismanage memory, opening the door to arbitrary code execution vulnerability. Once that foothold is established, attackers can chain it with other weaknesses to escape the browser sandbox, escalate privileges and install persistent spyware or data theft tools that survive reboots and quietly exfiltrate information.
The goals of these campaigns are as varied as the groups running them. Some operations appear focused on classic surveillance, using the access to read messages, track locations and monitor calls, while others are more overtly criminal, going after banking apps, password managers and one-time passcodes to commit financial fraud at scale fraud. Apple has publicly described some of the ongoing activity as “sophisticated” hacks that secretly access devices, and independent cybersecurity researchers with Malwarebytes have echoed that assessment, highlighting how difficult it can be for an average user to spot the signs of compromise even as their phone is quietly leaking data in the background 81.
What Apple and security experts say you should do now
Apple’s message to customers is unusually direct: act now. The company has urged iPhone owners to install the latest software update immediately, stressing that the patch includes fixes for the WebKit zero-day and related issues that have already been used in the wild Apple. Security professionals, including System Architect Brandon Woo, have framed this as a textbook example of why users cannot afford to treat mobile updates as optional, because the gap between disclosure and exploitation has shrunk to the point where attackers are often ready with working chains as soon as a flaw is documented. In parallel, Apple has pushed out a rare global security warning on social platforms, telling iPhone owners that malicious websites can trick their devices into exposing sensitive data to cybercriminals or surveillance networks and urging them to stay alert to more guidance.
More from Morning Overview