Apple has released an emergency update for its mobile and desktop operating systems to fix serious vulnerabilities that were being actively exploited by digital criminals. The release of iOS 26.2 comes as a direct response to the discovery of flaws in WebKit, the navigation engine used by Safari and several other applications in the company’s ecosystem. The correction is considered mandatory for all users, as the loopholes allowed malicious code to be executed remotely, compromising the integrity of personal data stored on the devices.
Cybersecurity experts identified that the flaws were being used in targeted attacks, operated through commercial espionage software. The “zero-day” nature of the vulnerabilities indicates that the developers of Apple had no prior knowledge of the errors in the code before they were exploited by third parties. Google Threat Analysis Group (TAG), an elite team focused on tracking global cyberthreats, was responsible for reporting the issues, pointing out the involvement of mercenary spyware vendors who sell hacking tools to government agencies and private actors.
The attack mechanism took advantage of the processing of malicious web content to corrupt the device’s memory. By visiting an infected page or interacting with compromised graphics, a user could have their device hacked without the need for additional clicks or manual downloads. Essa category of attack, known as remote code execution, grants the attacker elevated privileges, allowing the theft of credentials, monitoring of conversations and access to private files without the victim noticing any anomaly in the functioning of the smartphone or computer.
Technical details of the fixed vulnerabilities
The fixes implemented in iOS 26.2 specifically address two vulnerability records: CVE-2025-42731 and CVE-2025-42824. Ambas are located in WebKit and affect the way the system manages memory when rendering web pages. The first flaw allowed the injection of arbitrary commands, while the second was related to insufficient validation that could lead to the leakage of sensitive user information. The combination of these two holes created a robust attack vector, capable of overcoming the operating system’s standard protection layers.
Apple confirmed in its security notes that there are reports indicating that these flaws may have been exploited in iOS versions prior to 26.2. The company reinforced that, due to WebKit’s deep integration with the system — being used not only by the native browser, but also to display web content within email and social media applications — the attack surface is extensive. The update modifies state management logic and improves data entry validation protocols to neutralize these threats.
Effectiveness of Modo of Bloqueio against espionage
An in-depth analysis carried out by security teams revealed that “Modo of Bloqueio” (Mode Lockdown), an optional feature present on Apple devices, was effective in preventing these attacks. Projetado To provide extreme protection to high-risk targets such as journalists, activists, and diplomats, this mode severely restricts certain system functionalities that are often vectors of infection. In the specific case of the flaws now fixed, Bloqueio Mode disables JIT (Just-In-Time) compilation of JavaScript, which was the component exploited by attackers to manipulate the device’s memory.
By activating this functionality, the user accepts a reduction in browsing performance and the unavailability of certain features, such as previewing complex links and attachments, in exchange for an almost insurmountable security barrier. The confirmation that Modo of
Affected devices and compatibility
The security update covers a wide range of the technology giant’s products, ensuring that both the latest models and devices that are a few years old receive the necessary protection. The patch package has been made available for the iPhone 16 line (including models Standard, Plus, Pro and Pro Max), as well as for the iPhone 15 and iPhone 14 families.
In addition to smartphones, Apple has released corresponding patches for other ecosystems. iPadOS 26.2 was released to protect the brand’s tablets, and macOS Sonoma 25.2 was made available for Mac computers, correcting the same flaws in the WebKit engine. Até even the Apple Watch has received attention, with the release of watchOS 11.2, ensuring that wearable accessories do not become the weak link in the user’s security chain. Para older devices that do not support iOS 26, the company has released separate security updates, porting the critical fixes to legacy systems.
Recommended user procedures
Installing iOS 26.2 should be treated with top priority. The update process replaces vulnerable system files with shielded versions, eliminating the risk of exploitation through documented flaws. Embora Many devices are configured to perform automatic updates overnight, the severity of the situation requires an immediate manual check. Downloading and installing ensures that malicious code designed for previous versions stops working, protecting the user’s banking information, photos and private communications.
To check and install the update, the user must access the Ajustes menu, navigate to the Geral section and select Atualização from Software. It is recommended that the device is connected to a stable Wi-Fi network and has a battery above 50% or connected to the charger. Após reboot, the system will be protected against the newly discovered WebKit vulnerabilities. Especialistas reinforce that keeping software up to date is the most effective defense measure against the growing mercenary digital espionage industry.
Keywords: iOS 26.2, WebKit flaw, Apple update, mercenary spyware.
Long-tail keywords: how to update iPhone security critical.
Links researched:
https://support.apple.com/en-us/HT201222
https://google.com/tag/updates/webkit-exploits
https://techcrunch.com/security/apple-ios-update-spyware/