Apple has solved two of its critical cyber vulnerabilities through iOS 26.2. Working against iPhone spyware attacks, the update blocks known exploitation paths, improving device-level privacy and security protections.
Apple released iOS 26.2 with urgent warnings to update, as critical WebKit and Kernel vulnerabilities were actively being exploited by spyware and malicious apps.
Apple has launched iOS 26.2 with an unusual warning to update iPhones right away. The iPhone maker has mentioned that two vulnerabilities identified under CVE-2025-43529 and CVE-2025-14174 can allow an attacker to execute malicious code if a user interacts with a specially designed web page.
These issues are linked to WebKit, the browser engine used in all versions of iOS and Safari.
iPhone security update iOS 26.2 includes patches for vulnerabilities in WebKit, which powers the Safari browser and iOS applications.
“These flaws allowed malicious web content to execute arbitrary code on vulnerable devices,” says Moshe Levi, Global Manager of the Checkpoint PT Team.
“Since WebKit powers Safari and many iOS applications, the potential impact is significant. Apple confirmed that the vulnerabilities were exploited in the wild, making this update a high-priority patch for all users," he added.
“Update all devices to iOS 26.2 immediately and stay alert for emerging proof-of-concept details from trusted security feeds. Keep your device up to date first – save the 'how much battery does it consume?' questions for later,” Levi further stated.
Apple confirmed that its devices are being targeted by stealthy malware, as the iPhone maker warned users in 80 countries by sending out cyber threat notifications. The company also noted that Apple threat notifications will never ask users to click on links, open files, install apps, or request account passwords or verification codes.
These updates will prevent iPhone users from extremely targeted malware such as Pegasus and Predator. Consumers can use Apple’s Lockdown Mode to prevent these attacks.
CVE-2025-46285 is an iPhone Kernel vulnerability that allows malicious apps to gain root privileges. Other severe issues included letting certain applications access sensitive payment tokens that could expose financial data. These critical hurdles were also fixed in this upgrade.
Also Read: iOS 26.2 Security Update Fixes Data Exposure and System Privilege Risks
Device lags, overheating, and the presence of apps that users did not install may signal that the device has been affected by malware. The number of crucial vulnerabilities patched by the iOS 26.2 update highlights a need for staying informed about the latest security releases.
“Users should update now from their phone’s settings and not via links or popups and encourage their friends and family to do the same,” said Javvad Malik, Lead CISO Advisor at KnowBe4.