![\"Apple](\"https:\/\/www.newsbeep.com\/ca\/wp-content\/uploads\/2025\/12\/1765653731_35_0x0.jpg\")
<\/p>\n<\/p>\n
Screenshot iOS 26.2 fixes 26 flaws in Apple\u2019s iOS software, two of which are already being used in real-life attacks.<\/p>\n
Apple iPhone<\/p>\n
Update Dec. 14: This article, originally published on Dec. 13, has been updated to add expert comment on the flaws fixed in iOS 26.2, other updates issued alongside it, advice on spyware mitigation, as well as detailing why there was no iOS 26.1.1.<\/p>\n
Apple has released iOS 26.2<\/a>, along with a warning to update your iPhone<\/a> now. That\u2019s because iOS 26.2 fixes 26 flaws in Apple\u2019s iOS software, two of which are already being used in real-life attacks.<\/p>\n Apple doesn\u2019t provide much detail about what\u2019s fixed in iOS 26.2, to give iPhone users as much time as possible to update before attackers can get hold of the details. But it does reveal that iOS 26.2 fixes two flaws in WebKit, the engine that underpins the Safari browser, that \u201cmay have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26.\u201d <\/p>\n Tracked as CVE-2025-43529 and CVE-2025-14174<\/a>, the two already exploited issues fixed in iOS 26.2 are related. The first flaw could lead to arbitrary code execution, if a user interacts with maliciously crafted web content. \u201cCVE-2025-14174 was also issued in response to this report,\u201d Apple said on its support page<\/a>.<\/p>\n Apple\u2019s iOS 26. 2 also fixes a vulnerability in the iPhone Kernel, tracked as CVE-2025-46285, which could allow an app to gain root privileges.<\/p>\n If an attacker gains root access on a phone, they \u201ceffectively own it,\u201d bypassing app sandboxes, reading messages and login codes and hijacking banking sessions, says Javvad Malik, lead CISO advisor at KnowBe4.<\/p>\n Criminals weaponise newly patched flaws quickly, he warns. \u201cUsers should update now from their phone\u2019s settings \u2014 and not via links or popups \u2014 and encourage their friends and family to do the same.\u201d<\/p>\n iOS 26.2 Comes As Apple Warns Of iPhone Spyware<\/p>\n The release of iOS 26.2 comes as Apple confirms its devices are being targeted by spyware<\/a>. The iPhone maker sent out cyber threat notifications<\/a> to users in at least 80 countries warning them that they are being targeted by the stealthy malware.<\/p>\n Spyware is extremely targeted and aimed at a certain subset of iPhone users, including dissidents, journalists and businesses operating in certain sectors. However, once it is on your device it can see and hear everything you do, even via encrypted apps such as WhatsApp.<\/p>\n How To Protect Yourself From Spyware<\/p>\n If you think you may have been hit by spyware, signs include overheating of your iPhone, a laggy device, or new apps suddenly appearing that you can\u2019t recall downloading.<\/p>\n If this is the case, experts say the best thing you can do is ditch your iPhone altogether. However, the malware can be disrupted by turning your iPhone off and on again. Just know that this is temporary.<\/p>\n To prevent your device being hit by spyware, update first to iOS 26.2 to ensure you are on the most secure iOS version. You can also use tools such as Apple\u2019s Lockdown Mode, while remaining vigilant of any unusual behavior on your iPhone.<\/p>\n iOS 26.2 Issued Alongside iOS 18.7.3 And More<\/p>\n Apple released iOS 26.2 alongside iOS 18.7.3, which itself fixes 22 flaws, including the two WebKit issues that have already been exploited in attacks. Apple says attacks targeted versions of iOS before iOS 26, which could mean iPhones on iOS 18.7.2 are vulnerable. <\/p>\n The fact that Apple has patched iOS 26 too indicates that the latest operating system is vulnerable, but attacks have not succeeded yet, perhaps because they are more difficult to perform. <\/p>\n Apple\u2019s iOS 18.7.3 is available for the iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.<\/p>\n Meanwhile, Apple released macOS Tahoe 26.2, macOS Sequoia 15.7.3 and macOS Sonoma 14.8.3 for Macs. The iPhone maker also issued tvOS 26.2 for Apple TV, watchOs 26.2 for Apple Watch, visionOS 26.2 for the Apple Vison Pro and Safari 26.2 for macOS Sonoma and macOS Sequoia.<\/p>\n Why Apple Let The Patch Wait Until iOS 26.2 <\/p>\n As eagled-eyed iPhone security watchers may have noticed, Apple has waited until iOS 26.2 to issue this emergency update, rather than releasing iOS 26.1.1 as a security-only upgrade.<\/p>\n