Khaberni - Apple issued an urgent warning to iPhone users about the risk of sophisticated digital espionage attacks aimed at stealing personal data without the need for the victim to click on any suspicious link.
The company confirmed that the main reason behind users being exposed to these attacks is not updating their phones to the latest version of the operating system, iOS 26, which includes advanced security upgrades to close the gaps exploited by hackers in the real world.
Apple pointed out in an official statement that the vulnerabilities were present in the WebKit engine, responsible for running Safari browser and other applications, allowing attackers to execute malicious code simply by loading specially designed web content, without any user interaction, known as "zero-click attacks."
The company explained that these attacks particularly targeted journalists, activists, and politicians, but warned that they are "global and ongoing attacks," putting about a billion users of outdated iPhone models at risk of cyber attacks, including invisible attacks to the user.
Apple warned users against ignoring updates, emphasizing that older versions such as iOS 18 no longer receive security updates, and that installing iOS 26 or the latest version 26.2 and restarting the phone may eliminate any hidden malicious software.
The company mentioned that the new update addresses several main vulnerabilities in WebKit and Kernel, in addition to security enhancements in core applications like FaceTime, Messages, Photos, the App Store, and the Screen Time feature, adding more stringent checks and enhancing memory management and website verification to prevent harmful pages.
Despite the release of the update, reports revealed that only 16% of iPhone users have downloaded any version of iOS 26 (whether the basic or subsidiary version) by January 2026. Also, older phones from the iPhone 11 series, including iPhone XR, XS, XS Max, X, and 8, and earlier, are not compatible with this new update.
Apple also warned about phishing messages claiming to be official warnings from the company, adding "Apple notifications will never ask you to click on links, open files, install applications, or enter your account password through email or phone."
