Apple Urges iPhone Users to Update for Critical Security Fixes

Apple security update iOS security zero-day exploit WebKit vulnerability iPhone security
Brandon Woo
Brandon Woo

System Architect

 
January 12, 2026 3 min read
Apple Urges iPhone Users to Update for Critical Security Fixes

TL;DR

Apple has released emergency security updates to patch actively exploited zero-day vulnerabilities in WebKit across iOS, iPadOS, macOS, and more. These updates address critical flaws discovered by Google and Apple, urging immediate action from users. While some older devices might be forced to update to the latest OS, a workaround exists for iOS 18 users via the public beta program.

Apple Issues Emergency Security Updates for iOS

Apple has released emergency security updates to address actively exploited zero-day flaws. These flaws target specific individuals using older iOS versions instead of iOS 26.

Vulnerabilities Addressed

Two vulnerabilities affecting WebKit are patched in these updates.

  • CVE-2025-43529: A use-after-free remote code execution flaw exploited via maliciously crafted web content. This was discovered by Google’s Threat Analysis Group.
  • CVE-2025-14174: A memory corruption flaw discovered by both Google’s Threat Analysis Group and Apple.

These vulnerabilities are related to a zero-day flaw that Google patched recently, initially tracked as 466192044 and now referred to as CVE-2025-14174, an out-of-bounds memory access in ANGLE.

Update Instructions

iPhone updating progress bar

Image courtesy of Tom's Guide

To stay protected, update your devices immediately. Navigate to Settings > General > Software Update. It's advisable to avoid updating via links or pop-ups and not rely solely on auto-updates immediately after a patch release, according to a security manager at JAMF.

Affected Versions

Apple has addressed these flaws in the following versions:

  • iOS 26.2
  • iPadOS 26.2
  • iOS 18.7.3
  • iPadOS 18.7.3
  • macOS Tahoe 26.2
  • tvOS 26.2
  • watchOS 26.2
  • visionOS 26.2
  • Safari 26.2

Given that WebKit is used across Apple's devices, updating your Mac, Apple Watch, and Apple TV is crucial.

Forced Updates to iOS 26

Some users who have remained on iOS 18 are being pushed directly to iOS 26, without being offered the iOS 18.7.3 security update. According to Jason Snell at Six Colors, this affects iPhone owners capable of running iOS 26 who have consciously chosen to stay on iOS 18 due to personal preference or app compatibility. Apple's support document provides more details on these software update rollouts.

Workaround for iOS 18 Users

A workaround involves signing up for Apple’s public beta program and opting into the iOS 18 public beta track to receive the 18.7.3 update.

Devices Eligible for iOS 18.7.3

Apple's security updates page confirms that iOS 18.7.3 is available for the following devices (those dropped by iOS 26 and iPadOS 26) via the public feed:

  • iPhone XS, iPhone XS Max, iPhone XR, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.

This suggests that the ability to install iOS 18.7.3 via the public beta channel might be the anomaly, rather than the absence of the update in the main feed for devices capable of running iOS 26.

Enhancing Mobile Security with Gopher Security

Beyond these immediate updates, consider bolstering your mobile security posture. Like Gopher Security, which specializes in AI-powered, post-quantum Zero-Trust cybersecurity, can provide enhanced protection. Our platform converges networking and security across devices, apps, and environments using peer-to-peer encrypted tunnels and quantum-resistant cryptography.

Regular security scans are also advisable. While some Mac antivirus software options exist, only Intego's Mac antivirus can scan your iPhone or iPad for malware when connected via USB. However, Gopher Security can provide continuous, real-time protection without the need for manual scans, ensuring your devices are always secure.

For robust, AI-powered cybersecurity solutions, visit Gopher Security to explore our offerings or contact us for a consultation.

Brandon Woo
Brandon Woo

System Architect

 

10-year experience in enterprise application development. Deep background in cybersecurity. Expert in system design and architecture.

Related News

WhisperPair Vulnerability: Millions of Bluetooth Devices at Risk
WhisperPair attack

WhisperPair Vulnerability: Millions of Bluetooth Devices at Risk

Millions of Bluetooth audio devices are at risk from the WhisperPair vulnerability. Learn how attackers can eavesdrop and track your devices, and what you can do to protect yourself. Update your firmware now!

By Jim Gagnard January 20, 2026 3 min read
common.read_full_article
Tech Hiring Growth: 12-15% Increase in AI and Data Jobs by 2026
India tech job market

Tech Hiring Growth: 12-15% Increase in AI and Data Jobs by 2026

India's tech job market is set for a 12-15% surge in 2026, creating 1.25 lakh roles. Discover key sectors and skills in demand. Read more!

By Edward Zhou January 19, 2026 3 min read
common.read_full_article
January 2026 Patch Tuesday: Key Updates and Critical Fixes
Microsoft January 2026 Patch Tuesday

January 2026 Patch Tuesday: Key Updates and Critical Fixes

Microsoft's January 2026 Patch Tuesday is here! Discover 114 vulnerabilities, including one actively exploited flaw & 8 critical issues. Secure your systems now!

By Divyansh Ingle January 16, 2026 3 min read
common.read_full_article
Single-Click 'Reprompt' Attack Steals Data from Microsoft Copilot
Reprompt attack

Single-Click 'Reprompt' Attack Steals Data from Microsoft Copilot

Discover the 'Reprompt' attack: a single-click exploit targeting Microsoft Copilot. Learn how it works and how to protect your sensitive data. Read more now!

By Edward Zhou January 16, 2026 2 min read
common.read_full_article