Update to iOS 26.2! Apple Flags Two WebKit Flaws as Exploited by Hackers

Update your Apple gear! The company warns that hackers are actively exploiting two security holes in its software in “extremely sophisticated attacks.”

The Cupertino tech titan issued emergency security updates on Dec. 12 across its entire product lineup, addressing dozens of security lapses – including two vulnerabilities labeled as “exploited” by threat actors.

If you own Apple gear, make this update a priority!

Attacks against ‘specific targeted individuals’

iOS 26.2 (and iOS 18.7.3 for those who’ve resisted the ‘liquid glass’ upgrade) fix roughly two dozen security issues for iPhone and iPad users – including two described as exploited in targeted attacks.

The first issue, tracked as CVE-2025-43529 and flagged by Google’s Threat Analysis Group, is a “use-after-free” issue in WebKit – a core component iPhone and iPad apps use to display web content on your screen.

“Processing maliciously crafted web content may lead to arbitrary code execution,” the advisory says. “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26,” the tech giant warns.

A second WebKit issue, tracked as CVE-2025-14174, deals with memory corruption where, again, “processing maliciously crafted web content” can lead to compromise.

Apple credits both Google and its own security staff for isolating this software fault.

Update your gadgets

The two issues are flagged across multiple products and OS versions, save for two older versions of macOS – Sonoma and Sequoia. For users running these macOS versions, Apple offers a standalone patch for the Safari browser addressing the same two issues, plus others.

So, whether you own an iPhone, a Mac, an Apple Watch or an Apple Vision headset, there’s an update for you to install.

As of today, you want to be on:

iOS 26.2 and iPadOS 26.2 – iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later.

iOS 18.7.3 and iPadOS 18.7.3 – iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.

macOS Tahoe 26.2 – Macs running macOS Tahoe

macOS Sequoia 15.7.3 – Macs running macOS Sequoia

macOS Sonoma 14.8.3 – Macs running macOS Sonoma

watchOS 26.2 – Apple Watch Series 6 and later

visionOS 26.2 – Apple Vision Pro (all models)

Safari 26.2 – macOS Sonoma and macOS Sequoia

Take ‘exploitable’ issues seriously!

As we note every time we report on Apple’s emergency software patches, exploits like these have historically involved spyware targeting activists, dissidents, political rivals, human rights advocates, investigative journalists and high-profile figures in general.

Apple, Google, and WhatsApp-parent company Meta have been fighting the threat for years.

Even if you’re not a high-risk person, it’s always a good idea to stay up to date with the latest security patches – you never know when you trip a wire and become a target.

For peace of mind, run an independent security solution on all your personal devices. On Apple devices, keep the trusty Lockdown Mode toggle handy if you have reason to believe hackers might target you.

You may also want to read:

Your Old iPhone Needs an Update! iOS 16.7.12 Fixes a Critical Security Flaw

Still Not on iOS 26? Apple Offers iOS 18.7.2 to Keep You Safe

Google Chrome Zero-Day Alert: Patch Now to Block Active Exploit [Dec 11, 2025]