Apple has issued a warning to iPhone customers in regards to the danger of ‘mercenary spy ware assaults’ that may pilfer information with out requiring the consumer to click on on any doubtful hyperlinks.
In keeping with the tech behemoth, this risk is primarily on account of a major variety of customers not upgrading to the newest software program model, iOS 26.
This replace consists of enhanced safety features to fight new vulnerabilities that hackers have reportedly exploited in precise assaults. Specifically, they’ve taken benefit of delicate weaknesses throughout the iPhone’s net searching element, WebKit.
WebKit, the engine behind Safari and different iPhone purposes, has vulnerabilities in older methods that enable hackers to execute malicious code on a tool by merely luring it into loading tainted net content material.
Such breaches are sometimes termed ‘zero-click’ assaults as a result of they don’t require the sufferer to open a suspicious e mail or click on on dangerous hyperlinks as soon as the system is compromised.
Apple has acknowledged on its assist pages that these flaws in outdated iPhone software program have been exploited in extremely focused and superior spy ware operations, primarily directed at journalists, activists, and politicians.
Nonetheless, the corporate warned that these mercenary assaults have been ‘international and ongoing,’ that means the roughly one billion iPhone customers not utilizing a model of iOS 26 are liable to cyberattack, together with ones that customers can’t see coming.
Apple mentioned that the treatment is to obtain both the iOS 26 or iOS 26.2 working system updates after which restart the iPhone instantly to probably filter any hidden malware.
Apple has urged all Apple iPhone customers to instantly replace to their new iOS 26 working system
Apple added that leaving iPhones patched with older software program means customers are lacking the fixes completely, since Apple stopped offering safety updates for these variations on newer telephones.
This consists of iOS 18, which was launched in September 2024 and was the final main working system replace for the iPhone earlier than iOS 26 was launched final 12 months.
‘The acute price, sophistication, and worldwide nature of mercenary spy ware assaults make them a few of the most superior digital threats in existence at present,’ Apple warned in an announcement.
Apple refused to call particular cyberterrorist teams or different identified actors engaged in hacking as a part of the widespread risk focusing on iPhone customers.
Nonetheless, the tech big claimed that the cybercriminals finishing up the hacks have been ‘exceptionally effectively funded’ and have been even tricking some victims into believing they’d been despatched an pressing message from Apple, warning of suspicious account exercise.
‘Apple risk notifications won’t ever ask you to click on any hyperlinks, open recordsdata, set up apps or profiles, or present your Apple Account password or verification code by e mail or on the cellphone,’ the corporate wrote in April 2025.
Hackers have reportedly been benefiting from hidden flaws within the iPhone’s software program. This is called zero-day exploits and signifies that criminals know in regards to the flaws earlier than Apple does and might devise a repair.
This permits them to ship specifically crafted messages or hyperlinks that set off the vulnerability robotically with out customers needing to click on or open something, like a door they drive open utilizing code designed to match the precise weak point in iOS.
Be a part of the controversy
Ought to Apple do extra to guard customers with older iPhones from these harmful spy ware assaults?
Lower than 20 per cent of all iPhone customers are reportedly utilizing iOS 26, which protects units from the newest cyberattacks (Inventory Picture)
In relation to sure risk actors focusing on particular targets, similar to politicians and journalists, the hackers may need realized their iPhone was weak by first gathering details about the system by pretend Apple alerts that prompted victims to disclose their present iOS model.
As soon as inside, the spy ware installs itself quietly within the background, giving hackers full distant management to run instructions, disguise their exercise, and faux to be a traditional app or course of working within the background of the iPhone.
This permits hackers to steal a variety of non-public information, copying textual content messages, emails, photographs and movies. Cybercriminals can hack into an iPhone and even report calls, keystrokes, password or location information in real-time.
The brand new iOS 26 updates, together with the newest model 26.2, add stronger safety shields to the iPhone by fixing the hidden zero-day bugs within the software program.
Apple has famous that iOS 26 fixes a number of key elements of WebKit and the Kernel, the core ‘mind’ that controls how the cellphone runs every little thing.
It additionally fixes issues with FaceTime, Messages, Pictures, the Apple App Retailer, and Display Time. The fixes work by including higher checks, stronger reminiscence dealing with and higher web site validation checks, which preserve out malicious net pages.
As of January 2026, nevertheless, Malwarebytes Labs reported that solely 16 % of all iPhone customers have downloaded any model of iOS 26.
Apple has additionally famous that iPhones older than the iPhone 11 sequence should not suitable with iOS 26. This consists of fashions just like the iPhone XR, iPhone XS, iPhone XS Max, iPhone X, iPhone 8 and something older than that.
