Millions of iPhones are at risk of attack

Apple's iPhone is the most popular smartphone in the United States and one of the most widely used devices globally. It's estimated that 1.6 billion people use iPhones daily. This massive user base also makes the platform a prime target for attacks. For the past few weeks, Apple has been issuing warnings about serious security vulnerabilities. The latest data suggests this risk could affect approximately half of all iPhone users, leaving hundreds of millions of devices potentially vulnerable.

First, at the end of last month, Apple confirmed two critical vulnerabilities in WebKit, the underlying engine for Safari and all iOS browsers. According to Apple, these vulnerabilities were used in a highly sophisticated attack specifically targeting certain users. Malicious websites could exploit these vulnerabilities to trick iPhones and iPads into running malicious code. Once the malicious code is executed, attackers could gain control of the device, steal passwords, or access payment information. In short, simply visiting the wrong website could lead to this.

To address this, Apple quickly released a patch, which is included in the latest software update. The problem is that many users haven't installed it yet. It's estimated that about 50% of eligible users haven't upgraded from iOS 18 to iOS 26. This means approximately 800 million devices worldwide are at risk. StatCounter data suggests the situation is even more dire, estimating that only 20% of users have completed the update. Once security vulnerabilities are made public, the risk increases rapidly. Attackers will know exactly how to exploit these vulnerabilities.

Currently, there are no settings that can address this issue, nor are there any safe browsing habits that can fix this problem. The vulnerability is deeply embedded within the browser engine. Security experts say there are no workarounds or user behaviors that can significantly reduce the risk. Installing the latest software is the only effective defense. Apple no longer provides a security-only update for users who wish to remain on iOS 18. Unless the device is unable to run iOS 26, this fix is ​​only available through iOS 26.2 and iPadOS 26.2.

While keeping your iPhone system updated is crucial, it shouldn't be your only line of defense. Robust antivirus software provides another layer of protection, scanning for malicious links, blocking risky websites, and alerting you to suspicious activity before it can cause harm. This is especially important when attacks rely on compromised websites or hidden browser vulnerabilities. Security software can help catch threats that slip through the cracks and provide a clearer understanding of what's happening on your device; think of it as a backup protection. Software updates can fix known vulnerabilities, while robust antivirus tools help protect against the next vulnerability.

Apple rarely uses phrases like "extremely sophisticated" unless the threat is very serious. This vulnerability demonstrates that even trusted browsers can become attack vectors if updates are delayed. Waiting weeks or even months for updates now carries real consequences. If you use your iPhone for online banking, shopping, or work, you should update immediately.

In general, millions of iPhones recently faced a serious security threat, primarily involving a high-risk vulnerability called a "zero-click vulnerability." Attackers could remotely control devices and steal all sensitive information, including passwords and financial data, simply by luring users to a compromised webpage, without requiring the user to click any links or perform any actions, exploiting a vulnerability in the Safari browser engine. These attacks are often targeted, potentially aimed at specific individuals such as political figures or public figures. Apple has released security updates to fix the relevant vulnerabilities and strongly recommends that all users immediately upgrade their systems to the latest version to mitigate the risks.