Apple released security fixes in mid-December 2025 for serious vulnerabilities in WebKit, the browsing engine used in Safari and all browsers on the system. Essas flaws, actively exploited in sophisticated attacks, allow remote code execution through malicious web content. The company chose not to offer patches for older versions such as iOS 18, forcing users to migrate to iOS 26.
Millions of iPhone owners have yet to update, leaving their devices exposed for more than six weeks. Especialistas point out that the number of affected devices reaches hundreds of millions, considering the low adoption rate of the new version. The situation changes the protection expected from an iPhone, traditionally seen as safe.
Apple’s decision intensifies the urgency to update immediately, especially as iOS 26.3 approaches. Usuários that remain on iOS 18 do not receive the 25+ fixes included in iOS 26.2, including the WebKit bugs.
Vulnerabilities in WebKit Require Immediate Attention
WebKit represents a common attack vector because it processes web content across the entire Apple ecosystem. The identified flaws, such as CVE-2025-43529 and CVE-2025-14174, allow attackers to execute arbitrary code just by visiting prepared pages. Inicialmente targeted at specific targets, these exploits spread quickly to common criminals.
Apple confirmed that the vulnerabilities were being used in real campaigns before the patches were released. Dispositivos without the update remain susceptible to silent infections, compromising personal data and device functions. The lack of backport to iOS 18 accelerates the forced obsolescence of previous versions.
Experts reinforce that the risk increases over time, as details of the failures become public after disclosure. Ataques opportunists grow as tools based on these exploits circulate on the internet.
Low adoption of iOS 26 worries the market
Adoption data indicates that iOS 26 only reaches between 16% and 55% of active devices, depending on the source consulted. Most users remain on iOS 18 or earlier versions, even months after the new edition is released. Essa slowness contrasts with previous updates, which achieved higher rates in the same period.
Several factors contribute to resistance, including fear of interface changes and battery drain on older models. Dispositivos incompatible with iOS 26 receive limited updates, but not full WebKit fixes. Apple maintains partial support for these machines, but prioritizes the major version.
The direct consequence appears in prolonged exposure to known threats. Centenas of millions of iPhones operate without full protection, changing the platform’s security profile.
Regular restart gains strategic importance
Security agencies recommend weekly restarts of devices to clear memory and stop persistent exploits. Poucos users follow this practice, but it becomes essential until the update takes place. iOS 26 applies several fixes only after restart, combining system protection and cleaning.
Without the upgrade, manual restart provides temporary defense against active attacks. Apple no longer provides separate patches for iOS 18, making the procedure even more relevant. Usuários that avoid updates lose this additional layer of automated security.
- Check the current version at Ajustes > Geral > Sobre.
- Perform a full backup before making any changes.
- Connect the device to a stable Wi-Fi network for downloading.
Next iOS 26.3 update strengthens protections
iOS 26.3, expected in late January or early February 2026, brings additional refinements and fixes. Ela focuses efforts on compatibility and security without introducing revolutionary features. Analistas highlight the inclusion of patches for residual vulnerabilities.
An expected advancement involves RCS with end-to-end encryption on cross-messages with Android. Essa functionality raises the standard of privacy in interplatform communications, aligning with modern requirements. Usuários who migrate now anticipate these benefits without waiting for the launch.
The update combines accumulated fixes with general stability improvements. Eligible Dispositivos receive the complete package, eliminating outstanding risks from the previous cycle.
Practical steps to update your device
Updating your iPhone represents the most effective measure against current threats. The process starts at Ajustes > Geral > Atualização of Software, where the system checks availability. Compatible Modelos display iOS 26.2 or higher directly.
- Back up to iCloud or computer to preserve data.
- Keep charge above 50% or connect to charger.
- Use fast Wi-Fi connection to avoid interruptions.
- Restart the device after installation to apply all fixes.
The migration resolves not only the WebKit flaws, but also 25 other vulnerabilities fixed in the package. Usuários who delay the procedure remain exposed to known risks and potential new exploits.
Additional benefits of immediate migration
iOS 26 offers improved stability in addition to basic security. Recursos as integrated artificial intelligence and better battery management appear on supported models. The transition eliminates reliance on frequent manual restarts for protection maintenance.
Updated devices receive continued support for longer, including future quick fixes. Apple prioritizes current versions, ensuring an agile response to emerging threats. Manter the outdated system gradually reduces the overall effectiveness of the device.
The combination of immediate patches and automatic restart after update restores the expected level of security. Usuários that act now avoid prolonged windows of vulnerability.
Broad context of security on mobile devices
Mobile platforms face increasing attacks via browsers due to the constant use of the internet. WebKit, present in all apps that render the web on iOS, becomes a preferred target. Correções speeds like iOS 26.2 demonstrate Apple’s response to real exploits.
Global statistics show that update delays affect billions of devices across different systems. The company’s approach, by focusing patches on the major version, accelerates protection for the active majority. Usuários individuals decide the moment of migration, directly influencing their exposure.
Experts advise prioritizing security updates regardless of new features. The practice keeps the ecosystem more resilient against evolving cyber campaigns.
