Apple has issued an urgent security warning to all iPhone and iPad users across the United Kingdom, instructing them to install the latest software updates immediately. The alert concerns two critical security vulnerabilities that could leave devices exposed to sophisticated cyberattacks.
Critical Flaws in WebKit Engine
The tech giant identified two serious weaknesses within WebKit, the browser engine that powers Safari and all third-party browsers on iOS and iPadOS. Apple described the discovery as part of an 'extremely sophisticated attack' that was actively targeting specific individuals. The flaws are classified as zero-day vulnerabilities, meaning they were unknown to Apple before being exploited, giving hackers a window of opportunity before a fix was available.
Security teams from Apple and Google's Threat Analysis Group collaborated to uncover the weaknesses. They warned that the bugs could enable potentially devastating cyberattacks if left unpatched. The primary risk stems from malicious websites, which could deceive a device into executing harmful code.
Which Devices Are at Risk and How to Update
The devices most vulnerable to these exploits include a range of modern Apple products. The list encompasses the iPhone 11 and all later models. For iPads, the following are at high risk:
- iPad Pro 12.9-inch (3rd generation and later)
- iPad Pro 11-inch (1st generation and later)
- iPad Air (3rd generation and later)
- iPad (8th generation and later)
- iPad mini (5th generation and later)
To close the security gap, users must install iOS 26.2 or iPadOS 26.2. For those with automatic updates enabled, the patch should already be in place. Others need to manually download the update via their device's Settings app. Apple has also released corresponding security updates for macOS, tvOS, watchOS, visionOS, and Safari.
Understanding the Vulnerabilities and Expert Protection Advice
The first flaw, tracked as CVE-2025-43529, is known as a use-after-free bug—a memory management issue that Apple resolved by improving how devices handle temporary data. The second, labeled CVE-2025-14174, was a memory corruption bug fixed by implementing stricter validation checks.
Cybersecurity expert Kurt Knutsson emphasised the critical importance of acting swiftly. 'Installing updates immediately is crucial because zero-day attacks often rely on catching users off guard with outdated software,' he wrote. His advice for UK users includes:
Enable automatic updates on all Apple devices to ensure protection as soon as patches are released.
Exercise extreme caution with links received via SMS, WhatsApp, email, or other messaging platforms. If a link seems suspicious, type the website address directly into your browser instead of clicking.
Consider using reputable security software on all devices to warn against phishing attempts and malware.
Limit your digital footprint by adjusting social media privacy settings and considering data removal services to make it harder for attackers to profile you.
Apple stated in its release, 'For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available.' The company now urges all users to take immediate action to safeguard their personal data and devices from this critical threat.
