Apple reveals iPhones are under attack by 'sophisticated' hacks secretly accessing devices Act Now
Apple has warned that iPhones are under attack from 'sophisticated' spyware, leaving hundreds of millions of smartphones at risk. The tech giant issued the alert as at least 50 percent of its 1.8 billion iPhone users have not updated to the latest iOS 26 software, which includes patches for the latest vulnerabilities. These attacks are highly sophisticated and precise, often leveraging zero-click exploits that let hackers seize control of a device without the user ever clicking a link, opening a file or doing anything at all, the company explained. If a device is infected, hackers could steal personal data, track a user’s location, access cameras and microphones, or even commit financial fraud, putting both privacy and security at serious risk.
Zero-click exploits drive stealthy attacks that could take control of your iPhone without you clicking a link
Zero-click spyware is a stealthy threat that can seize control of your iPhone without you clicking a link. 'What many people don’t realize is that when you restart your device, any memory-resident malware is flushed, unless it has somehow gained persistence, in which case it will return,' cybersecurity researchers with Malwarebytes said. 'High-end spyware tools tend to avoid leaving traces needed for persistence and often rely on users not restarting their devices.' Tens of millions of iPhone users have not yet uploaded the new iOS 26, which protect devices from the latest cyberattacks.
Patch uptake stalls as iOS 26 rollout meets resistance from a new Liquid Glass design and a wave of security flaws
Apple released iOS 26 to the public on September 15, 2025. As of January 2026, the vast majority of iPhone users, up to 75 percent, have not downloaded iOS 26, with adoption rates hovering between roughly 16 percent and 20 percent, significantly lower than previous iOS versions. Industry experts speculated the lack of downloads stems from user hesitation over the new 'Liquid Glass,' a new visual design language introduced with iOS 26 in 2025, featuring translucent, refractive, and dynamically reacting interfaces that create depth and focus. Those who have adopted the new design have found it confusing and visually distracting, leading to criticism. Most iPhones are running on iOS 18 due to the extended security support Apple added. However, the latest iOS 26 update strengthens security with new defenses against online tracking in Safari, blocks risky wired connections, and adds tools to protect users from scam calls and messages. Apple released a new version of iOS 26 last month, after identifying two critical flaws. The vulnerabilities were found in WebKit, the browser engine that powers Safari and all browsers on iOS, describing them as part of an 'extremely sophisticated attack' targeting specific individuals. The tech giant issued the alert as at least 50 percent of its 1.8 billion iPhone users have not updated to the latest iOS 26 software, which includes patches for the latest vulnerabilities. The risk comes from malicious websites, which could trick your device into executing harmful instructions. That means hackers might be able to take control of your iPhone or iPad or run code without your permission. For users with automatic updates enabled, the patch should already be installed, while others will need to manually download iOS 26.2 or iPadOS 26.2 through their device settings. Devices most at risk include the iPhone 11 and later, the iPad Pro 12.9-inch (3rd generation and later), and the iPad Pro 11-inch (1st generation and later). Other vulnerable models include the iPad Air (3rd generation and later), the iPad (8th generation and later), and the iPad mini (5th generation and later). The flaws are classified as zero-day vulnerabilities, meaning they were unknown to the software creators and could be exploited by hackers before a patch existed. Security teams, including Apple and Google's Threat Analysis group, discovered the weaknesses, warning that the bugs could enable potentially devastating cyberattacks. Apple has also released updates for iOS 18.7.3 and iPadOS 18.7.3, macOS Tahoe 26.2, tvOS 26.2, watchOS 26.2, visionOS 26.2, and Safari 26.2. One issue, called a use-after-free bug, is a memory problem that Apple resolved by improving how the device manages temporary data. Apple labeled the flaw as CVE-2025-43529. Another, known as a memory corruption bug, was fixed by adding stricter checks to prevent errors. This one was labeled as CVE-2025-14174
