The technology giant has released a critical update for its mobile and desktop operating systems to mitigate newly discovered high-risk vulnerabilities. The emergency measure, identified as iOS 26.2, arrives to correct loopholes that allowed the arbitrary execution of malicious code on the brand’s devices. The company confirmed that the flaws were actively exploited by cybercriminals, which raises the severity level of the alert for all users of the ecosystem.
The central focus of the problem lies in WebKit, the rendering engine used by the Safari browser and several other applications in the iOS environment. Pesquisadores identified that processing malicious web content could cause a buffer overflow, allowing attackers to control device memory. Essa structural failure put the integrity of user data at risk, opening the door to the installation of monitoring software without the victim’s consent or knowledge.
Technical details and impact on the system
The vulnerabilities were officially cataloged under the codes CVE-2025-43529 and CVE-2025-14174. Exploitation of these flaws is not limited to just the Apple native browser; Due to the App Store guidelines, third-party browsers like Chrome and Firefox on the iPhone also utilize the WebKit engine, making them potential attack vectors. The fix implemented by the update introduces stricter input checks and improves memory state management to prevent improper execution flow.
Cybersecurity experts point out that the nature of the attack suggests the use of sophisticated tools, generally associated with companies that develop commercial spyware. Esses programs, often called “zero-click”, do not require user interaction to infect the device, being used to monitor journalists, political activists and state figures. The update aims to close this silent gateway, restoring the operating system’s protective barriers.
Update procedures and supported devices
To ensure immediate protection, Apple recommends that all users install the security suite as soon as possible. The update process has been simplified to cover a wide range of devices, including older models that do not support the latest versions of the system, through specific patches such as iOS 18.7.3.
Installation must be performed manually if automatic updates have not been processed. The user must access the Ajustes menu, navigate to the Geral section and select Atualização from Software. The device must be connected to a stable Wi-Fi network and have at least 50% battery or be connected to the power source throughout the process.
The list of devices expected to receive the fix includes:
– Todos models from the iPhone 15 line and later.
– Recent Modelos of iPad Pro and iPad Air.
– Computadores Mac compatible with macOS Tahoe 26.2.
– Apple Watch and visionOS devices supported.
The company reinforces that keeping software up to date is the most effective line of defense against evolving digital threats. Além of the WebKit fix, the new build brings stability improvements and minor bug fixes reported by the community in recent weeks.
SEO Keywords:
iPhone security, iOS 26.2 update, WebKit flaw, Apple vulnerability, spyware fix.
Pesquisa Links:
https://www.apple.com/br/newsroom/
https://support.apple.com/pt-br/HT201222
https://g1.globo.com/tecnologia/
