Apple Urges iPhone, iPad Users to Install iOS 26.2 Patch for Active WebKit Exploit
Apple has warned that two critical WebKit flaws used in "extremely sophisticated" attacks could let malicious websites run arbitrary code on iPhones and iPads, enabling device takeover, password theft and access to payment data simply by visiting the wrong page. The company says the bugs affect iPhone 11 and later models plus recent iPad Pro, iPad Air, iPad and iPad mini generations, and that the only effective fix is upgrading to iOS 26.2 or iPadOS 26.2 because it is no longer offering a security‑only update for users who want to stay on iOS 18. Usage data cited in the piece suggest a large patch gap: roughly half of eligible users, and possibly as many as 80% worldwide, have yet to update, leaving an estimated hundreds of millions of devices exposed, including a huge share of U.S. phones. Security experts quoted say there is no user‑behavior workaround, since the vulnerability resides deep in Safari’s browser engine and in every browser that runs on iOS, and that risk rises once technical details are public because attackers can reliably weaponize them. The article walks users through how to check and update their software via Settings > General > Software Update, underscoring that timely patching is now the only real protection against this active exploit.
📌 Key Facts
- Apple confirmed two critical WebKit vulnerabilities in Safari and all iOS browsers that allowed malicious websites to execute code on iPhones and iPads.
- The flaws were already exploited in "extremely sophisticated" attacks against specific individuals before disclosure, according to Apple.
- Patches are available only through iOS 26.2 and iPadOS 26.2; Apple has dropped separate security‑only updates for users who wish to remain on iOS 18.
- Estimates cited in the article say roughly half to as many as 80% of eligible users have not yet updated, leaving hundreds of millions of devices at risk.
- Affected hardware includes iPhone 11 and later, iPad Pro 12.9‑inch (3rd gen+) and 11‑inch (1st gen+), iPad Air (3rd gen+), iPad (8th gen+) and iPad mini (5th gen+).
📊 Relevant Data
In 2024, individuals over the age of 60 reported the highest number of internet crime complaints and the greatest financial losses, totaling nearly $5 billion, representing the demographic with the most significant impact from such crimes.
According to 2025 data, 40% of Millennials, 37% of Gen Z, 36% of Gen X, and 27% of Baby Boomers have lost money to scams, indicating higher rates among younger generations despite older groups experiencing larger per-incident losses.
2025 Data Study on Fraud and Identity Theft in America — IPX1031
In 2025, women account for 67% of US scam victim reports, but men lose more money on average per scam, with no specific causal factors identified in the data.
How many people have been scammed? (2025 statistics) — Exploding Topics
📰 Source Timeline (1)
Follow how coverage of this story developed over time