Apple has issued a stark warning to iPhone users worldwide, alerting them to the severe risk posed by sophisticated 'mercenary spyware attacks' that can compromise devices without any interaction from the victim. The technology giant emphasised that the primary vulnerability stems from the overwhelming majority of users failing to update their devices to the latest iOS 26 operating system, which contains crucial security patches.
The Nature of the Threat
These highly advanced cyberattacks exploit critical vulnerabilities within the WebKit browser engine, the core component that powers Safari and numerous other applications on iPhones. The security flaws, present in older iOS versions, enable hackers to execute malicious code on a target device simply by compelling it to load corrupted web content. This method is notoriously referred to as a 'zero-click' attack, as it requires no action from the user, such as opening a suspicious email or clicking a malicious link, to initiate the breach.
Targeted and Ongoing Campaigns
Apple has confirmed on its official support pages that these specific vulnerabilities in outdated iPhone software have been actively exploited in highly targeted and sophisticated spyware campaigns. These operations are primarily directed at individuals such as journalists, political activists, and government officials. However, the company stressed that these mercenary attacks are 'global and ongoing,' posing a significant threat to the estimated one billion iPhone users who have not yet upgraded to iOS 26.
The tech giant described the threat actors as 'exceptionally well funded' and warned that they are employing deceptive tactics, including sending fake urgent messages that appear to originate from Apple itself and warn of suspicious account activity. Apple reiterated that genuine threat notifications from the company will never ask users to click links, open files, install applications, or provide passwords or verification codes.
The Critical Solution: Immediate Update
The sole remedy, according to Apple, is for users to immediately download and install either the iOS 26 or the more recent iOS 26.2 operating system update. Following installation, users must restart their iPhones to potentially eradicate any hidden malware that may have already infiltrated the device. Apple has ceased providing security updates for older iOS versions on newer phone models, meaning users who remain on outdated software are entirely unprotected from these exploits. This includes iOS 18, released in September 2024, which was the last major update prior to iOS 26.
Alarming Adoption Statistics
Despite the urgent warnings, adoption rates for the secure iOS 26 remain critically low. Reports from Malwarebytes Labs, as of January 2026, indicate that a mere 16 percent of all iPhone users have downloaded any version of iOS 26. Furthermore, Apple has clarified that iPhones older than the iPhone 11 series, including models like the iPhone XR, XS, XS Max, X, and iPhone 8, are incompatible with the iOS 26 update, leaving these devices perpetually vulnerable.
Technical Details of the Exploits
The attacks leverage what are known as 'zero-day exploits': attacks on hidden flaws in the iPhone's software that cybercriminals discover and weaponise before Apple can develop a fix. These allow hackers to craft specialised messages or links that automatically trigger the vulnerability. Once the exploit has run, the spyware installs silently in the background, granting attackers full remote control. This enables them to steal a vast array of personal data, including text messages, emails, photos, videos, call recordings, keystrokes, passwords, and real-time location data, all while disguising their activity as normal background processes.
Security Enhancements in iOS 26
The iOS 26 updates, particularly version 26.2, introduce robust security enhancements designed to neutralise these threats. The patches address critical vulnerabilities in several core components, including the WebKit engine and the kernel, the fundamental 'brain' of the device that manages all operations. Additionally, fixes have been applied to FaceTime, Messages, Photos, the Apple App Store, and Screen Time. These improvements work by implementing stricter validation checks, enhanced memory handling, and more rigorous website screening to block malicious web pages.
Apple concluded its warning by stating, 'The extreme cost, sophistication, and worldwide nature of mercenary spyware attacks make them some of the most advanced digital threats in existence today.' The company refrained from identifying specific cyberterrorist groups involved but underscored the pervasive and severe risk to global iPhone users who delay essential software updates.



