iOS 26.2—Apple Releases Critical Update For 1 Billion iPhones - Forbes

iOS 26.2—Apple Releases Critical Update For 1 Billion iPhones - Forbes
December 13, 2025 at 3:45 PM

Apple iOS 26.2 is here—and it’s a critical security update you should install now. Apple confirms two of 20+ fixes address WebKit flaws that may already be exploited in “extremely sophisticated” attacks, days after it warned users worldwide about spyware campaigns.

Why this matters

  • Two actively exploited WebKit vulnerabilities: CVE-2025-43529 and CVE-2025-14174, disclosed by Google’s Threat Analysis Group (TAG).
  • Risk: maliciously crafted web content can trigger memory corruption. The linked WebKit bugs strongly indicate a chained, commercial spyware attack targeting iOS 26 and earlier.
  • Timing hints at urgency: a second release candidate appeared for testers this week, and Apple shipped on a Friday—both suggest last‑minute, serious fixes.

What’s new in iOS 26.2 (beyond the patches)

  • AirDrop security PIN for transfers to people outside your contacts, better securing file and media sharing.
  • Localized emergency alerts that request your location when needed.
  • Ongoing iOS 26 platform push: new scam defenses and Safari’s anti‑fingerprinting defaults help close the gap with Android.

Update now

  • On your iPhone, go to Settings > General > Software Update and install iOS 26.2 as soon as it appears.
  • Even if you can technically stay on iOS 18 and keep it updated, you shouldn’t—install iOS 26 and this 26.2 patch promptly.

Expert perspective

  • Cyber Press: both vulnerabilities were found with Google TAG and tied to targeted exploitation campaigns; likely part of a zero‑day chain used for espionage or surveillance.
  • Qualys’ Mayuresh Dani: “In all probability, these vulnerabilities have been chained to achieve exploitation.”
  • The Hacker News: the Apple/Google disclosure and WebKit focus point to highly targeted mercenary spyware; WebKit underpins all iOS browsers, including Chrome, Edge, and Firefox.
  • BeyondTrust’s James Maude: while currently targeted, these exploits will quickly become “must‑have” tools for more threat actors.

Extra context

  • Google recently enabled Pixels to connect via Apple’s AirDrop protocol through reverse engineering. There’s no sign this update blocks that, though Apple may try to close such workarounds over time.

Bottom line: treat iOS 26.2 as a priority security update and install it immediately.

Source: https://www.forbes.com/sites/zakdoffman/2025/12/13/apple-ios-262-release-date-critical-update-for-1-billion-iphones/

Back…