Apple alerts about iPhone cyberattacks: what's happening and how to protect yourself

  • Zero-click spyware attacks exploiting zero-day vulnerabilities in iPhone
  • Main targets: high-risk profiles such as journalists, activists, or public officials
  • A large number of users still haven't updated to iOS 26 despite the critical security patches
  • Apple recommends updating, restarting frequently, and, for high-risk profiles, using Lockdown mode.

iPhone security alert

Apple has issued a particularly serious security warning after detecting a wave of highly sophisticated cyberattacks against iPhone users. We're not talking about your typical fraudulent SMS or a standard phishing email, but rather attacks capable of taking control of your phone without the owner touching anything on the screen.

The company acknowledges that these incidents are one step ahead of standard defenses: they exploit unknown flaws in the system and employ techniques designed to circumvent iOS security mechanisms. In some cases, not even the quick patches that Apple usually publishes are sufficient if the attack has already been executed before the update reaches the device.

The biggest concern lies in the nature of these vulnerabilities, known as zero-day vulnerabilities, which are exploited before the developers themselves know they exist. This means that, for a time, the attackers have a complete advantage, and there is still no solution available to the general public.

While Apple investigates and prepares the fix, the iPhone may have been exposed for weeks or months, and the user has hardly any way of noticing that something is wrong. There are no strange warnings, no obvious performance drops, and no unusual screens to betray the problem, which makes detection even more difficult.

An alert that is not massive, but is critical: what these cyberattacks are like

According to the company, the incidents detected don't fit with massive fraud campaigns or indiscriminate attacks. These are targeted operations, with a high level of technical sophistication, in which attackers carefully select their targets; sometimes these campaigns resemble advanced threats such as AI-powered cyberattacks that increase the accuracy of the selection.

The star method of these offensives is the so-called “zero-click” exploit. In practice, this means that an iPhone can be compromised without its owner clicking a link, opening an attachment, or agreeing to install anything. It is enough for the device to receive malicious content or visit a website specifically designed to execute the harmful code.

In many cases, these attacks rely on zero-day vulnerabilities embedded in key components such as WebKit, the engine that powers Safari and web browsers on iOS. While the vulnerability remains hidden, simply accessing a malicious website can allow a hacker to execute commands on the phone or tablet without the user's permission.

Apple has admitted that these cyberattacks are designed to circumvent traditional security barriers and even avoid leaving a lasting trace. This means that part of the spyware loads into memory and disappears upon restarting, making it very difficult to find clear evidence of the intrusion without advanced forensic tools.

Apple's own security teams and external groups such as Google's Threat Analysis team have detected critical flaws categorized as high-impact vulnerabilities. Some of these vulnerabilities are tracked under identifiers such as CVE-2025-43529 (a use-after-free memory vulnerability) or CVE-2025-14174 (a memory corruption vulnerability). These vulnerabilities allow, in certain scenarios, the execution of arbitrary code on the target device.

Who is in the crosshairs and why are these attacks so valuable?

Despite the understandable concern generated by an alert of this magnitude, Apple insists that this is not a widespread attack against all iPhone users. Those responsible for these operations seek very specific profiles whose monitoring can provide political, economic, or strategic advantages.

Among the most common targets are journalists, activists, human rights defenders, lawyers, diplomats or public officials. That is, people who handle sensitive information, participate in delicate negotiations, or influence political and social processes.

The software used falls into the category of next-generation spyware, with capabilities far superior to those of an ordinary Trojan. Once inside the phone, it can access calls, messages and emails, browsing histories, documents, and location data with a level of detail that turns the device into a permanent window into the victim's life.

In certain scenarios, it is even possible to activate the microphone or camera without the user noticing. This behavior transforms the mobile phone into a covert surveillance tool, something especially worrying in professional or institutional environments where confidential matters are discussed.

Adding to this situation is a factor that exacerbates the problem: the proliferation of iOS versions. Apple has confirmed that the most sensitive patches and the most advanced defenses are concentrated in the latest version of the system, iOS 26, while earlier editions receive only some of the corrections or receive them later.

Internal and industry reports indicate that a very high proportion of users are still on previous versions like iOS 18. This is largely because Apple extended its security support. This decision has contributed to millions of devices continuing to use a system less protected against the most sophisticated attacks.

Updates, exposure window, and slow adoption of iOS 26

One of the key points of the alert is the delay in adopting the latest version of the system. Apple estimates that around half of compatible iPhone owners have not yet upgraded to iOS 26, although this edition includes fixes for the latest critical vulnerabilities detected.

Figures published by the industry reflect that, months after the launch of iOS 26, installation rates ranged between 16% and 20%. This is significantly lower than usual for other major iPhone updates. The situation is similar in Europe and Spain, with many users choosing to wait and see what happens before installing a new version.

It has been speculated that some of this reluctance could be related to profound changes in visual design introduced with iOS 26, such as the new “Liquid Glass” style, with translucent interfaces and more aggressive depth effects. Some users have described these changes as confusing or visually overwhelming, which may have generated some initial resistance.

The problem is that, beyond aesthetic tastes, postponing the update lengthens the window in which the device is unprotected. Between the time a vulnerability is discovered, a patch is developed, and it actually reaches the phone, attackers can take advantage of any delay to infiltrate the system.

In addition, many users postpone updates due to lack of space, fear of incompatibilities, or simple lack of knowledge. In Spain, it's common to find iPhones that have been displaying the "update pending" message for months without anyone bothering to install it, which, in the current context, represents unnecessary exposure.

It is worth remembering that, although Apple has maintained support for iOS 18 with revisions such as 18.7.3, the most powerful defenses against next-generation attacks arrive first, and sometimes only, on iOS 26. Staying on an older version means giving up the protection of the latest patches, precisely those designed to stop these types of targeted cyberattacks.

Affected models and technical failures under scrutiny

The security alert is not limited to a single specific model. According to Apple's technical documentation, the devices with the greatest potential risk include a large part of the recent iPhone and iPad range.

The devices listed include iPhone 11 and later, as well as several latest-generation iPads: 12.9-inch iPad Pro (from the third generation onward), 11-inch iPad Pro (from the first generation onward), iPad Air from the third generation onward, standard iPad from the eighth generation onward, and iPad mini from the fifth generation onward. For tablet users, it is advisable to consult specific guides on Lockdown mode on iPad and its implications.

The discovered flaws primarily affect web browsing and memory management components. Apple has described use-after-free errors and memory corruption problems which, if not corrected, would allow an attacker to execute arbitrary code when the user visits a specially crafted website or the device processes certain malicious content.

To address these problems, the company has published specific updates for iOS 26 (including iOS 26.2) and security patches for iOS 18.7.3, in addition to parallel patches on other systems such as macOS Tahoe 26.2, tvOS 26.2, watchOS 26.2, visionOS 26.2, and Safari 26.2. The goal is to align the level of protection across the entire ecosystem and close the door to any known exploitation attempts.

Beyond the technical jargon, the experts' message is clear: if your device is on the list of models compatible with these updates, you should install the patch as soon as possible. And if in doubt, it's worth manually checking in Settings for any pending new versions, rather than relying on automatic downloads to do it on their own.

What does Apple recommend to reduce everyday risk?

Alongside the release of patches, Apple has published a series of guidelines to minimize exposure to these types of cyberattacks. The main recommendation is clear: keep your iPhone updated to the latest version of iOS available for your device. The process can be started from Settings > General > Software Update, and usually takes only a few minutes to complete.

Another simple but very useful measure is restarting the iPhone frequently. Security researchers, such as those at Malwarebytes, point out that much of the advanced malware runs in memory without persistent installation, so a simple shutdown and restart can eliminate, at least temporarily, active malicious processes.

Experts do warn, however, that these restarts are not a definitive solution if the spyware has achieved persistence, since it could be reactivated. Even so, in very sophisticated attacks, some spyware tools prefer not to leave a permanent trace, relying precisely on the fact that the user rarely restarts the phone, something that is quite common in Europe and Spain.

For those who believe they may be targeted by advanced threats (due to their position, public exposure, or the type of information they handle), Apple offers an extra layer of protection: Lockdown mode. This feature, included in recent versions of iOS, hardens the iPhone's settings to the maximum to reduce the attack surface.

Activating this mode limits attachments in messaging applications, restricts certain web technologies, blocks potentially unsafe wired connections, and stops calls or invitations from unknown numbers or accounts. It is a protection designed, above all, for journalists, activists, staff of European institutions, public officials or professionals who may be under the scrutiny of groups with resources.

The downside of this protection is that daily use of the iPhone becomes somewhat less convenient. Some websites stop working as usual, certain files won't open, and some features are disabled. Apple emphasizes that Lockdown mode isn't intended for the average user, but rather for high-risk scenarios, yet it's available to anyone who feels their situation warrants it.

The best defense involves combining rapid updates, prudent usage habits, and, for the most sensitive cases, reinforced security measures such as Lockdown mode. Although this threat doesn't affect all iPhone users equally in Spain or Europe, ignoring warnings and leaving the device without updates increases the chances of becoming the target of an attack that, in many cases, doesn't even leave visible traces.
