Apple Warns UK iPhone Users of Critical Zero-Day Threat

Apple has issued a warning to all iPhone users in the UK to update their devices immediately following the discovery of critical security vulnerabilities that may have been exploited in targeted attacks. The latest iOS update, version 26.2, addresses two significant flaws in WebKit, the browser engine that powers Safari and, on iPhone, other browsers such as Chrome and Edge.

The vulnerabilities, classified as zero-days, could allow hackers to spy on affected phones and execute code without permission. One issue, a 'use-after-free' bug, enabled malicious websites to infect device memory even after the site was closed, potentially granting access to the microphone, camera, or GPS. The other, a memory corruption problem, could crash the system or disable security features.

Apple confirmed it was 'aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals' on older iOS versions. The US Cybersecurity and Infrastructure Security Agency (CISA) has added the bugs to its Known Exploited Vulnerabilities Catalogue, indicating prior hacker activity.


While mass attacks are unlikely, individuals such as human rights dissidents, political figures, and journalists may have been at risk, similar to past state-sponsored spyware like Pegasus. Apple has also fixed other issues, including a flaw allowing hidden photos to be viewed without authentication and password fields being revealed during FaceTime remote control.

Users are urged to go to Settings > General > Software Update to install the patch. Restarting the phone can offer temporary protection by clearing temporary memory, but it is not foolproof against sophisticated attacks that may have established permanent access.
