![\"Apple](\"https:\/\/www.newsbeep.com\/ca\/wp-content\/uploads\/2025\/12\/1765653731_35_0x0.jpg\")
<\/p>\n<\/p>\n
Screenshot iOS 26.2 fixes 26 flaws in Apple\u2019s iOS software, two of which are already being used in real-life attacks.<\/p>\n
Apple iPhone<\/p>\n
Update Dec. 13 at 03:35 a.m. EST: This article, originally published at 04:03 a.m. EST has been updated to add expert comment on the flaws fixed in iOS 26.2, as well as detailing why there was no iOS 26.1.1.<\/p>\n
Apple has released iOS 26.2<\/a>, along with a warning to update your iPhone<\/a> now. That\u2019s because iOS 26.2 fixes 26 flaws in Apple\u2019s iOS software, two of which are already being used in real-life attacks.<\/p>\n Apple doesn\u2019t provide much detail about what\u2019s fixed in iOS 26.2, to give iPhone users as much time as possible to update before attackers can get hold of the details. But it does reveal that iOS 26.2 fixes two flaws in WebKit, the engine that underpins the Safari browser, that \u201cmay have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26.\u201d <\/p>\n Tracked as CVE-2025-43529 and CVE-2025-14174<\/a>, the two already exploited issues fixed in iOS 26.2 are related. The first flaw could lead to arbitrary code execution, if a user interacts with maliciously crafted web content. \u201cCVE-2025-14174 was also issued in response to this report,\u201d Apple said on its support page<\/a>.<\/p>\n Apple\u2019s iOS 26. 2 also fixes a vulnerability in the iPhone Kernel, tracked as CVE-2025-46285, which could allow an app to gain root privileges.<\/p>\n If an attacker gains root access on a phone, they \u201ceffectively own it,\u201d bypassing app sandboxes, reading messages and login codes and hijacking banking sessions, says Javvad Malik, lead CISO advisor at KnowBe4.<\/p>\n Criminals weaponise newly patched flaws quickly, he warns. \u201cUsers should update now from their phone\u2019s settings \u2014 and not via links or popups \u2014 and encourage their friends and family to do the same.\u201d<\/p>\n iOS 26.2 Comes Alongside Reports Of iPhone Spyware<\/p>\n The release of iOS 26.2 comes as Apple confirms its devices are being targeted by spyware<\/a>. The iPhone maker sent out cyber threat notifications<\/a> to users in at least 80 countries warning them that they are being targeted by the stealthy malware.<\/p>\n Spyware is extremely targeted and aimed at a certain subset of iPhone users, including dissidents, journalists and businesses operating in certain sectors. However, once it is on your device it can see and hear everything you do, even via encrypted apps such as WhatsApp.<\/p>\n Why Apple Let The Patch Wait Until iOS 26.2 <\/p>\n As eagled-eyed iPhone security watchers may have noticed, Apple has waited until iOS 26.2 to issue this emergency update, rather than releasing iOS 26.1.1 as a security-only upgrade.<\/p>\n