Filenews 31 December 2025
Apple has issued an urgent warning to iPhone and iPad owners, urging them to immediately install the latest software updates to shield their devices against a serious cybersecurity threat.
According to the company, two critical security vulnerabilities were found in WebKit, the browser that uses Safari and all browsers on iOS and iPadOS. The specific problems, as Apple says, are part of a "highly sophisticated attack" that targets specific individuals.
What is the risk?
The vulnerabilities could be exploited through malicious websites, which may trick the device into executing harmful commands. In practice, this means that an attacker could gain access to the device or execute code without the user's consent.
Users who have automatic updates enabled have probably already received the relevant patch. However, those who do not have this setting will have to manually download iOS 26.2 or iPadOS 26.2 versions from their device's settings.
Which devices are affected
Devices considered to be most exposed include:
– iPhone 11 and later
– iPad Pro 12.9-inch (3rd generation and later)
– iPad Pro 11-inch (1st generation and later)
– iPad Air (3rd generation and later)
– iPad (8th generation and later)
– iPad mini (5th generation and later)
The weaknesses are characterized as zero-day, meaning they were unknown to the developers of the software and could be exploited by hackers before a fix was available. The problems were identified by Apple's security teams in collaboration with Google's Threat Analysis team.
What the updates fixed
Apple also rolled out updates for iOS 18.7.3, iPadOS 18.7.3, macOS Tahoe 26.2, tvOS 26.2, watchOS 26.2, visionOS 26.2, and Safari 26.2.
One vulnerability concerned a "use-after-free" error, i.e. a memory management issue, which was fixed with improved handling of temporary data (CVE-2025-43529). The second was a memory corruption error, addressed with stricter controls (CVE-2025-14174).
As Apple points out, for the protection of its users, it does not release details of security issues before the investigation is completed and the necessary updates are made available.
How users can be protected
Cybersecurity expert Kurt Knutsson tells the Daily Mail that installing updates promptly is critical, as zero-day attacks rely on "catching up" users with outdated software. It proposes:
– Enable automatic updates on all Apple devices
– Avoid clicking on suspicious links from SMS, email, or messaging apps
– Typing the address of a web page directly into the browser instead of opening links
– Use of security software that can warn of phishing and malicious content
– Limiting the exposure of personal data online through privacy settings and removal of data from third-party databases
Apple and experts emphasize that while no solution offers complete security, the combination of timely updates and cautious online behaviour significantly reduces the risk of targeted attacks.
