Apple has issued a warning to its iPhone users following recent cyberattacks that have affected some customers.
The company has introduced two iOS updates aimed at fixing vulnerabilities that were targeted in these attacks.
Reports indicate that the vulnerabilities are linked to WebKit, the browser engine that powers Apple’s Safari on iOS devices.
The identified vulnerabilities, CVE-2025-43529 and CVE-2025-14174, were capable of compromising devices running iOS versions earlier than iOS 26.
CVE-2025-43529 involves a ‘use-after-free’ flaw that can be exploited by attackers to manipulate the browser, while CVE-2025-14174 involves memory corruption to breach user devices.
These vulnerabilities were discovered by Apple’s team and Google’s Threat Analysis Group on devices such as the iPhone 11 and later, iPad Pros, the third generation and later iPad Air, the eighth generation and later iPad, and the fifth generation and later iPad Mini.
Apple stated in a release: “For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.”
Apple’s guidance emphasizes: “Keeping your software up to date is one of the most important things you can do to maintain your Apple product’s security.”
The devices were compromised by mercenary spyware, making an update to iOS 26 crucial to protect against these vulnerabilities found in earlier versions.
Describing the breach as an ‘extremely sophisticated attack’, Apple has urged users to update, noting that over 50% have yet to upgrade to iOS 26, and even the US government has advised users to update, according to Forbes.
iOS 26 brings enhanced security features like Safari fingerprinting defense and anti-scam mechanisms for calls and messages.
James Maude from BeyondTrust told the outlet: “Users should urgently update all impacted Apple devices. It will quickly become a must-have exploit for a range of threat actors.”
Darren Guccione from Keeper Security added, stating that the update ‘is the only effective defense’ against these cyber threats, as “there’s no workaround or user behavior that meaningfully mitigates this risk.”
Guccione emphasized: “Once patches are public, the exposure window widens for anyone who delays updating.”
Meanwhile, users can enable their iPhone’s lockdown feature, which restricts access to various functions, adding an extra layer of security.
ZDNET reported Ivan Krstić, Apple’s head of security engineering and architecture, as saying: “While the vast majority of users will never be the victims of highly targeted cyberattacks, we will work tirelessly to protect the small number of users who are.
“That includes continuing to design defenses specifically for these users, as well as supporting researchers and organizations around the world doing critically important work in exposing mercenary companies that create these digital attacks.”