Hundreds of millions of unpatched iPhones remain sitting ducks for sophisticated spyware attacks, putting American users’ privacy and security at grave risk in an increasingly hostile digital world. Apple has warned of two critical WebKit zero-day vulnerabilities actively exploited by mercenary spyware, affecting iPhone 11 and later models. While fixes were released in December, a massive percentage of users have not yet updated to the necessary iOS 26.2, leaving up to 800 million devices exposed worldwide to exploits that enable device takeover and password theft. Immediate action is critical to safeguard personal data.
Story Highlights
- Apple warns of two critical WebKit zero-day vulnerabilities actively exploited by mercenary spyware against targeted individuals, affecting iPhone 11+ models.
- Fixes require full iOS 26.2 upgrade, but only 20-50% of users have updated, leaving up to 800 million devices exposed worldwide.
- Exploits enable device takeover, password theft, and payment data access via malicious websites with zero-click activation.
- Patches released December 12, 2025; public warnings issued January 18-19, 2026, urging immediate action amid slow adoption.
Vulnerabilities Target iPhone Users
Apple detected two zero-day flaws in WebKit, the engine powering Safari and all iOS browsers. These vulnerabilities allow malicious websites to execute harmful code without user interaction. Attackers have actively exploited them in extremely sophisticated attacks against specific high-profile individuals like activists and executives. The flaws stem from improper input validation and memory handling issues common in browser engines. Globally, 1.6 billion iPhone users face risks, with iPhone 11 and later models most vulnerable if unpatched.
Apple’s spyware warning explained and why restarting your iPhone still matters https://t.co/okH5VugG9P pic.twitter.com/gKBVLlBq78
— Standard News (@standardnews) January 19, 2026
Patches Released but Adoption Lags
Apple rolled out fixes in iOS 26.2 and iPadOS 26.2 on December 12, 2025, addressing the WebKit zero-days linked to mercenary spyware. Public warnings followed on January 18-19, 2026, stating the vulnerabilities may have been exploited prior to iOS 26. StatCounter data shows only about 20% adoption rate, with estimates up to 50% unpatched devices. No security-only patches exist for iOS 18 users; full upgrades are mandatory for iPhone 11+, iPad Pro, Air, and mini 3rd gen+ models.
Spyware Threats Echo Past Abuses
These zero-days mirror historical WebKit exploits used by spyware vendors like NSO Group in Pegasus campaigns targeting journalists via Safari flaws. Mercenary operators now pursue high-value surveillance for profit, bypassing safe browsing with zero-click web visits. Apple introduced protections like Memory Integrity Enforcement and Lockdown Mode in iOS 26 for at-risk users. A separate CVE-2026-20974 allows physical carrier relock bypass on older devices, compounding security concerns.
Security analysts from Malwarebytes and Cyberguy.com stress no workarounds exist—updates provide the sole defense. Browsers remain prime attack vectors when patches lag, potentially expanding from targeted to broader campaigns. Apple rarely deems threats “extremely sophisticated” lightly, signaling real danger to user data and device control.
Impacts Demand Immediate User Action
Unpatched devices risk short-term compromise via malicious sites, enabling password theft, payment access, and full takeover. Long-term, this drives iOS 26 adoption, obsoleting older hardware and pressuring users to upgrade. Economic fallout includes billions in potential breach costs; socially, it erodes trust in Apple ecosystems. High-risk groups like executives face elite targeting, while everyday Americans value personal privacy against government-like surveillance overreach. Update now to safeguard family data and finances.
Industry-wide, these events accelerate mobile OS patching races and bolster calls for rapid standards. Political scrutiny intensifies on spyware firms preying on dissidents, aligning with conservative priorities for individual liberty and protection from invasive tech threats. Under President Trump’s focus on security, users must take personal responsibility to stay ahead of foreign adversaries exploiting Big Tech delays.
Watch the report: Apple Issues Urgent Warning To 1.8 Billion iPhone Users—Update Now Or Face Zero-Day Attack
Sources:
- Apple warns millions of iPhones are exposed to attack
- Apple Spyware Warning—Turn Your iPhone Off And On Again Now
- Apple Urges IPhone Users To Update After Sophisticated WebKit Attacks – Grand Pinnacle Tribune
