Apple has found itself at the center of a fresh security storm, urging millions of iPhone users to update their devices after patching two serious WebKit vulnerabilities that, according to company officials, were leveraged in “extremely sophisticated” targeted attacks. The company’s warnings, released on January 18 and 19, 2026, have rippled across the tech world, with security experts and consumer technology sites echoing the call for urgent action.
The crux of the concern lies in two flaws embedded in WebKit—the browser engine that powers Safari and handles much of the web content on iPhones. Apple’s security notes for iOS 26.2 and iPadOS 26.2 state that processing “maliciously crafted web content” could lead to arbitrary code execution or memory corruption. In plain English, that means a hacker could potentially take control of parts of your phone simply by luring you to a booby-trapped website, no app installation required. According to the National Vulnerability Database, this type of bug is particularly dangerous because it allows attackers to execute code on a device remotely.
Apple’s security releases page lists iOS 26.2 for iPhone 11 and later, and iOS 18.7.3 for slightly older models like the iPhone XS and XR, both dated December 12, 2025. The same day, Apple also rolled out patches for macOS, Safari, watchOS, tvOS, and visionOS, signaling the seriousness of the threat across its product ecosystem. The company’s message to users is clear: update your device and reboot it as soon as possible.
Yet, despite these warnings, many iPhone users have been slow to adopt iOS 26.2. The reason? Apple’s new “Liquid Glass” design, which some users claim causes their devices to slow down, has left a significant chunk of the iPhone community sticking with older software. StatCounter’s December 2025 tracking data showed low adoption rates for iOS 26.2, although quirks in how Safari reports its version numbers made it tricky to pin down the real figures. Regardless, the lag in updates creates an opening for attackers—especially since these exploits are already out in the wild.
Security researchers are adamant that now is not the time for complacency. Pieter Arntz, a malware intelligence researcher at Malwarebytes, explained that the two WebKit “zero-day” vulnerabilities were patched on December 12, 2025, but that doesn’t mean users are safe if they haven’t updated. "Upgrading requires a restart, which makes this a win-win," Arntz wrote, emphasizing that a simple device restart flushes out "memory-resident malware" unless the malware has found a way to persist after a reboot. He also warned, "assuming you are not a target is not a safe approach."
What’s especially alarming about these flaws is their connection to mercenary spyware—commercial surveillance software typically used in tightly targeted hacking campaigns. According to reporting by The Independent, these WebKit bugs have been linked to such spyware, which is often deployed against high-profile individuals like activists, journalists, and corporate executives. Apple, for its part, has not disclosed who was targeted, how many devices were affected, or the exact mechanics of the attacks, but the company did acknowledge that the vulnerabilities "may have been exploited in an extremely sophisticated attack against specific targeted individuals" running versions of iOS before iOS 26.
To bolster defenses, iOS 26 introduces new protections, including Safari fingerprinting defenses, safeguards against risky wired connections, and enhanced anti-scam features. For those who believe they might be at higher risk—think journalists, human rights advocates, or business leaders—Apple recommends enabling Lockdown Mode. This optional feature offers “extreme protection” by restricting certain apps, websites, and features, shrinking the attack surface that hackers can exploit. However, Apple reassures users that “most people are never targeted by attacks of this nature.”
But what about the average user who just wants to know how to stay safe? Apple Support advises updating your device via Settings > General > Software Update and enabling automatic updates to ensure you never miss a critical patch. “Keeping your software up to date is one of the most important things you can do,” Apple stressed in its support communications. The company also suggests rebooting your device after updating to clear out any malware that may be lurking in memory.
Restarting, however, is not a silver bullet. As both Apple and security analysts point out, malware that achieves persistence can survive a reboot and continue to pose a threat. That’s why installing the latest patches remains the most effective line of defense. The U.S. National Security Agency, in its mobile security guide, has previously recommended making device reboots a weekly habit, stating: "Power the device off and on weekly." While this can disrupt memory-only malware, it’s not a substitute for timely updates.
Adding to the chorus, a Forbes column published on January 18, 2026, reiterated the importance of the “turn it off and on again” mantra, especially as iPhone owners weigh whether to move to iOS 26. The article emphasized that web-based attacks don’t need you to install anything—just visiting the wrong website with outdated software can be enough to let an attacker in.
Many consumer tech outlets and security blogs are now urging users who have delayed iOS 26 to reconsider, highlighting that the risks of staying on older software far outweigh any inconvenience from design changes or performance tweaks. As Tom’s Guide put it, “the renewed push comes as many users resist iOS 26’s ‘Liquid Glass’ design, a slowdown that has left older software in wide use.”
For users of older iPhones, there’s no need to worry about being left behind. Apple released iOS 18.7.3 for models like the iPhone XS, XS Max, and XR on the same day as the iOS 26.2 patch, ensuring that a broad swath of devices remains protected.
Despite the urgency, Apple has kept details about the attacks close to its chest. The company has not said who was targeted, how the attacks worked, or whether the tools have spread beyond the described victims. This ambiguity has left some users anxious, but the core advice remains unchanged: update and reboot. As Arntz from Malwarebytes cautioned, "restarting helps clear memory-resident malware but does not replace installing updates."
In today’s digital world, where a single overlooked update can open the door to sophisticated cyberattacks, the message from Apple and the broader security community is loud and clear: don’t wait. Update your iPhone, restart it, and keep those automatic updates switched on. It might just make all the difference.