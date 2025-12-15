Apple has released iOS 26.2 and urged iPhone users to update their devices immediately. The update fixes 26 security flaws. Two of these flaws are already being exploited in reality, according to a report by Forbes.

Both of these flaws involve WebKit, the engine behind Safari, that “may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26", the report added.

One of these flaws allows arbitrary code execution when a user visits a malicious website. The second flaw is related and was reported alongside the first. While Apple has not shared details of what's fixed in iOS 26.2, it urged users to keep their devices updated to prevent falling prey to these serious threats.

According to the Forbes report, iOS 26.2 also fixes a critical iPhone Kernel flaw, which could let an app gain root access. With root privileges, attackers can bypass app sandboxes, read messages, access login codes and hijack banking sessions, according to Javvad Malik, lead CISO advisor at KnowBe4.

"Users should update now from their phone's settings — and not via links or popups — and encourage their friends and family to do the same," he warned.

Apple released iOS 26.2 as it confirmed iPhones are being targeted by spyware. The company issued cyber threat alerts to users in over 80 countries, the report added. The spyware targets a specific group of iPhone users, including journalists, dissidents, and businesses in certain sectors.

Some of the signs that an iPhone may be infected with spyware include overheating, lagging or the appearance of unfamiliar apps. In such cases, experts suggest replacing the device, but restarting the iPhone can temporarily disrupt the malware. By updating the iPhone to iOS 26.2, users can ensure it runs the most secure version.