Apple issues warning to 1.8bn iPhone users over security threat

It said an 'extremely sophisticated attack' had taken place

The tech giant told all iPhone and iPad users to install the latest updates immediately in order to protect their devices.

As per Apple's security bulletin, the company raised concerns over two critical flaws found in WebKit, the browser engine that powers Safari and all browsers on iOS, describing the attack as one that targets individuals.

Users may run into the risk whilst on malicious websites which are able to make the device undergo harmful instructions letting hackers take control of the iPhone or iPad or run code on it unbeknownst to the user.

Devices most at risk are reportedly the iPhone 11 onwards whilst the iPad Pro 12.9-inch (3rd generation and later), and the iPad Pro 11-inch (1st generation and later) are also concerned.

The iPad Air (3rd generation and later), the iPad (8th generation and later), and the iPad mini (5th generation and later) are equally concerned.

These flaws were not known to the software creators when they were released and therefore could be exploited by hackers before a patch existed.

These are known as zero-day flaws.

Updates were issued for the devices whilst those with automatic updates enabled should already have the latest version.

If not, users will have to manually download iOS 26.2 or iPadOS 26.2.

Apple has also released updates for iOS 18.7.3 and iPadOS 18.7.3, macOS Tahoe 26.2, tvOS 26.2, watchOS 26.2, visionOS 26.2, and Safari 26.2. 

The two flaws have been labelled as CVE-2025-43529 and CVE-2025-14174 respectively.

The former is a WebKit use-after-free vulnerability that can lead to arbitrary code execution when a device processes maliciously crafted web content.

This allows attackers to use their own code on a hacked device by tricking the browser into mishandling memory.

This issue was discovered by Google’s Threat Analysis Group. 

The second flaw, CVE-2025-14174, is also a WebKit issue, which involves memory corruption.

Apple says this issue was discovered jointly by Apple and Google’s Threat Analysis Group.

In a release from Apple, the tech giant said: "For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security releases page.

Writing for Fox News, tech expert Kurt Knutsson said that the best way to prevent being affected by zero-day attacks is by immediately installing all updates as soon as they are released.

This best way to do that is to enable automatic updates in the settings of your iPhone.