Apple has warned that iPhone users are at risk from ‘mercenary spyware attacks’ threatening to steal data without the victim even clicking on a suspicious link.
The tech giant said the threat stems from the vast majority of users not updating to the latest version of their phone software, known as iOS 26.
The patch includes advanced security upgrades for the latest vulnerabilities that hackers have allegedly been using in real-world attacks. Specifically, they’ve exploited sneaky flaws in the part of the iPhone that handles web browsing, called WebKit.
WebKit is the engine that powers Safari and other apps on the iPhone. However, the weak points in older iPhone operating systems let hackers run harmful code on a target’s phone just by tricking it into loading corrupted web content.
These are often called ‘zero-click’ attacks because they don’t rely on the victims opening a suspicious email or clicking on malicious links once they’re in the system.
Apple confirmed on its support pages that these issues with older iPhone software packages were exploited in highly targeted, sophisticated spyware campaigns, mainly aimed at journalists, activists, or politicians.
However, the company warned that these mercenary attacks were ‘global and ongoing,’ meaning the roughly one billion iPhone users not using a version of iOS 26 are at risk of cyberattacks, including ones that users can’t see coming.
Apple said that the remedy is to download either the iOS 26 or iOS 26.2 operating system updates and then restart the iPhone immediately to potentially clear out any hidden malware.
Apple added that leaving iPhones on older software means users are missing the fixes entirely, since Apple stopped providing security updates for those versions on newer phones.
This includes iOS 18, which was released in September 2024 and was the last major operating system update for the iPhone before iOS 26 was introduced last year.
‘The extreme cost, sophistication, and worldwide nature of mercenary spyware attacks make them some of the most advanced digital threats in existence today,’ Apple warned in a statement.
Apple refused to name specific cyberterrorist groups or other known actors engaged in hacking as part of the widespread threat targeting iPhone users.
However, the tech giant claimed that the cybercriminals carrying out the hacks were ‘exceptionally well funded’ and were even tricking some victims into believing they had been sent an urgent message from Apple, warning of suspicious account activity.
‘Apple threat notifications will never ask you to click any links, open files, install apps or profiles, or provide your Apple Account password or verification code by email or on the phone,’ the company wrote in April 2025.
Hackers have reportedly been taking advantage of hidden flaws in the iPhone’s software, known as zero-day exploits, which means criminals know about them before Apple does and can devise a fix.
This allows them to send specially crafted messages or links that trigger the vulnerability automatically without users needing to click or open anything, like a door they force open using code designed to match the exact weakness in iOS.
When threat actors go after specific targets, such as politicians and journalists, the hackers might have learned that the victim’s iPhone was vulnerable by first gathering information about the device through fake Apple alerts that prompted victims to reveal their current iOS version.
Once inside, the spyware installs itself quietly in the background, giving hackers full remote control to run commands, hide their activity, and pretend to be a normal app or process running in the background of the iPhone.
This allows hackers to steal a wide range of personal data, copying text messages, emails, photos, and videos. Cybercriminals can hack into an iPhone and even record calls, keystrokes, passwords, or location data in real time.
The new iOS 26 updates, including the latest version 26.2, add stronger security shields to the iPhone by fixing the hidden zero-day bugs in the software.
Apple has noted that iOS 26 fixes several key parts of WebKit and the Kernel, the core ‘brain’ that controls how the phone runs everything.
It also fixes problems with FaceTime, Messages, Photos, the Apple App Store, and Screen Time. The fixes work by adding better checks, stronger memory handling, and better website validation checks, which keep out malicious web pages.
As of January 2026, however, Malwarebytes Labs reported that only 16 percent of all iPhone users have downloaded any version of iOS 26.
Apple has also noted that iPhones older than the iPhone 11 series are not compatible with iOS 26. This includes models like the iPhone XR, iPhone XS, iPhone XS Max, iPhone X, iPhone 8, and anything older than that.