Apple has released a critical software update aimed at fixing security holes that were being actively used in attacks against users of their mobile devices. The release of iOS 26.2 comes after confirmation that vulnerabilities in the WebKit browsing engine allowed malicious code to be executed remotely. The company acted quickly to close these entry points, which were being exploited by cyber threat actors.
Technical details of the vulnerabilities found
The focus of the update lies in fixing two specific flaws cataloged as CVE-2025-42731 and CVE-2025-42824. Ambas affect WebKit, the engine that drives the Safari browser and serves as the basis for several other applications within the manufacturer’s ecosystem. Especialistas at security identified that these holes allowed what is known as arbitrary code execution, granting attackers the ability to manipulate device memory without the owner’s consent.
The first flaw involves the processing of malicious web content, which could lead to the injection of unauthorized commands into the operating system. Já the second vulnerability refers to a memory corruption issue that occurs after processing certain graphical elements on the internet. Quando combined or used individually, these flaws represent a high risk, as they can be activated simply by accessing a compromised page, without the need for the user to download files or click on suspicious buttons.
Operation of espionage and spyware groups
Investigations indicate that the discovery of these flaws was carried out by Google Threat Analysis Group (TAG), an elite team focused on tracking cyberattacks supported by governments and surveillance companies. The technical report suggests that the vulnerabilities were not just theoretical, but were being used as “zero-days” — flaws unknown to the manufacturer at the time of the attack — to install commercial espionage software on specific target devices.
The target profile often includes journalists, human rights activists and political opponents, indicating that the tools were developed by mercenary spyware vendors. Apple highlighted that “Bloqueio Mode” (Mode Lockdown), an extreme security feature present in the iPhone, was able to prevent the exploitation of these flaws. Isso confirms that enabling this restrictive feature is effective against sophisticated attacks, although it severely limits the usability of the device for the average user.
Compatible devices and instructions
The update covers a wide range of the brand’s products, ensuring that even models launched a few years ago receive the necessary protection against these threats. The fix is not just limited to smartphones, it also extends to the company’s tablets and computers that share the same navigation architecture. The compatibility list for the security patch includes the following devices and systems:
- Complete iPhone 16 line (models Standard, Plus, Pro and Pro Max).
- iPhone 15 and iPhone 14 family of devices.
- Previous models like the iPhone 13 series that support iOS 26.
- iPads compatible with iPadOS 26.2.
- Mac computers running macOS Sonoma 25.2.
To apply the fix, users must access the device’s Ajustes menu, navigate to the Geral section, and select the Atualização from Software option. It is recommended that the device is connected to a stable Wi-Fi network and has sufficient battery power to complete the process, which requires a system restart. Especialistas in digital security reinforce that the installation must be carried out as soon as possible to avoid exposure to risks.
Main keywords:iOS 26.2 update, WebKit vulnerability, Apple security fix, iPhone spyware.
Long-tail keyword:how to protect iPhone against zero-day attacks in WebKit.
Sources researched:
https://support.apple.com/en-us/HT201222
https://google.com/tag/updates/webkit-exploits
https://techcrunch.com/security/apple-ios-update-spyware/