Apple has issued an urgent alert for all iPhone and iPad users, urging them to install the latest updates without delay to protect their devices from a significant security threat.

The company identified two critical vulnerabilities within WebKit, the core browser engine for Safari and all iOS browsers. Describing the flaws as part of a highly intricate attack, Apple noted that these issues target specific users.

This threat originates from malicious websites that could deceive your device into executing harmful operations. Consequently, attackers may gain control over your iPhone or iPad or execute unauthorized code.

For those who have automatic updates enabled, the necessary patch should be installed already. Others will need to manually update to iOS 26.2 or iPadOS 26.2 by accessing their device settings.

The devices most vulnerable include the iPhone 11 and newer models, the iPad Pro 12.9-inch (3rd generation and beyond), and the iPad Pro 11-inch (1st generation and newer).

Other vulnerable models include the iPad Air (3rd generation and later), the iPad (8th generation and later), and the iPad mini (5th generation and later). 

The flaws are classified as zero-day vulnerabilities, meaning they were unknown to the software creators and could be exploited by hackers before a patch existed.

Security teams, including Apple and Google’s Threat Analysis group, discovered the weaknesses, warning that the bugs could enable potentially devastating cyberattacks. 

Apple is urging all its iPhone users to install the latest update after identifying two vulnerabilities 

Apple has also released updates for iOS 18.7.3 and iPadOS 18.7.3, macOS Tahoe 26.2, tvOS 26.2, watchOS 26.2, visionOS 26.2, and Safari 26.2. 

One issue, called a use-after-free bug, is a memory problem that Apple resolved by improving how the device manages temporary data. 

Apple labeled the flaw as CVE-2025-43529. 

Another, known as a memory corruption bug, was fixed by adding stricter checks to prevent errors. This one was labeled as CVE-2025-14174.

‘For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available,’ the tech giant said in a release.

Cybersecurity expert Kurt Knutsson shared how iPhone users can protect themselves from such vulnerabilities.

Knutsson wrote for FOX News that installing updates immediately is crucial because zero-day attacks often rely on catching users off guard with outdated software. 

Enable automatic updates on all your Apple devices so that patches are applied as soon as they’re released. 

That way, even if you miss the announcement, your device stays protected without you having to lift a finger.

The patches come in a new iOS 26 update 

Many WebKit exploits begin with malicious websites. 

To stay safe, avoid clicking on unexpected links sent via SMS, WhatsApp, Telegram or email. 

If a link seems suspicious, type the website address directly into your browser instead of tapping it, Knutsson explained.

The most effective way to protect yourself from links that could install malware or steal your personal information is to use antivirus software on all your devices. 

Good security software can also warn you about phishing emails and ransomware, helping keep your personal data and digital assets secure.

Targeted attacks often begin with profiling, and the more personal information about you available online, the easier it is for attackers to pick you as a target. 

Limiting your exposure by adjusting social media privacy settings and removing data from broker sites can help reduce your visibility. 

While no service can completely erase your information from the internet, using a data removal service is a smart choice, said Knutsson.

These services actively monitor and systematically delete your personal information from hundreds of websites. 

Though they can be expensive, they provide peace of mind and are one of the most effective ways to protect your privacy. 

By minimizing the data available about you, it becomes much harder for scammers to combine breached information with what’s publicly online, lowering your risk of being targeted.