Apple has urgently warned its about 1.8 billion iPhone and iPad users around the world after finding two major security holes in its software. The company said the threats were part of an extremely sophisticated attack and told people to update their devices right away to stay safe.
Apple found major problems with WebKit, the engine that runs Safari and all other websites on Apple devices. This led to the warning. Because of these flaws, attackers could run dangerous code by tricking people into going to a bad website.
What Apple Found and Why It’s Important
Apple’s security warning says that the two flaws, identified as CVE-2025-43529 and CVE-2025-14174, were already being used in very complicated attacks before the company provided fixes. The bugs are in the way WebKit handles some memory functions. If attackers are able to take advantage of them, they could damage a device that is impacted.
The company said it learnt that the problems may have been exploited in a very sophisticated attack against specific targeted individuals. This means that the threats were aimed at a small group of users rather than criminals in general.
Because WebKit is built into Safari and all iOS apps, the risk could harm a lot of devices, like iPhones and iPads.
Updates on emergencies released
So that these bugs can be fixed, Apple has put out emergency security updates like iOS 26.2 and iPadOS 26.2, along with other platform patches. People who have automatic updates turned on may already be safe, but Apple strongly recommends that everyone else run the latest software changes by hand through their device settings.
The company didn’t say who may have been targeted or who was behind the hacks because they were worried about security.
According to Apple’s warning, these attacks were focused and not common. However, because the flaws are so serious, any device that hasn’t been fixed could be at risk if it were used.
Cybersecurity Background and Advice from Experts
Security experts say that Apple putting out emergency fixes for zero-day flaws that are being actively abused is very unusual and a sign of a big risk. Because of the bugs in WebKit, dangerous websites could take over a device without the user doing anything else besides visiting the harmful page.
Because WebKit is so tightly integrated into Apple’s operating systems, a bug in the engine affects more than just one app. Working with outside defence teams helped Apple find and fix the problems.
Cybersecurity experts have told people to quickly update their devices, stay away from sketchy links and websites they don’t know, and make sure their software is always up to date to avoid future threats like these.
No Big Deal, But The Time Has Come To Update
Even though Apple said it seemed like the attacks were very focused and not a mass takeover of millions of devices, the company’s warning to all 1.8 billion users shows how bad the problems could be if they aren’t fixed.
The best way for users to protect their personal information and protect their gadgets against these advanced risks is still to install the latest update.
