In a rare and concerning disclosure, Apple has confirmed that certain iPhone users are actively being targeted by highly sophisticated cyberattacks. These incidents, reported in early January 2026, involve advanced spyware and zero-day exploits—vulnerabilities unknown to Apple until they are already exploited in the wild. Headlines such as “iPhones Under Attack, Apple Confirms” have circulated widely, highlighting the severity of the situation and urging immediate action from users.
Unlike common malware or phishing scams that affect large numbers of people indiscriminately, these attacks are highly targeted. They typically focus on specific individuals, such as journalists, activists, dissidents, politicians, diplomats, or other high-profile figures whose activities make them valuable targets for surveillance. The exploits often use “zero-click” methods, meaning no user interaction—like clicking a link or opening an attachment—is required for compromise. Simply receiving a message or, in some cases, visiting a malicious site can be enough.
The Vulnerabilities Behind the Attacks
The threats stem primarily from flaws in WebKit, the browser engine that powers Safari and many other apps on iOS. Key vulnerabilities patched in recent updates include CVE-2025-43529 and CVE-2025-14174, which Apple confirmed were actively exploited in real-world attacks on iOS versions prior to iOS 26. These issues allowed attackers to execute arbitrary code, potentially leading to full device takeover.
Apple addressed these in emergency updates released in late December 2025, including:
- iOS 26.2 (and iPadOS 26.2)
- Backported fixes for older supported versions, such as iOS 18.7.3
The company described the attacks as “extremely sophisticated,” a phrase it commonly uses for operations involving mercenary spyware—tools developed by private firms and often deployed by state-sponsored actors. While Apple does not publicly name the attackers or victims, the pattern aligns with past campaigns using tools like Pegasus or similar spyware.
Even with these patches, challenges remain. Adoption of the latest major iOS versions (like iOS 26) has been relatively slow, leaving many devices on older software exposed to known exploits. Moreover, in some cases, Apple has acknowledged that standard updates alone may not provide complete protection against the most advanced threats, especially if a device has already been compromised or if new zero-days are chained together.
Steps to Protect Yourself Right Away
Apple emphasizes that the vast majority of users are not at risk from these targeted operations. However, staying proactive is the strongest defense against both current and future threats. Here’s what you should do immediately:
- Update Your iPhone to the Latest Software
Navigate to Settings > General > Software Update and install any available updates. As of January 2026, prioritize iOS 26.2 or newer if your device supports it. For older models (such as iPhone XS or equivalent), install the latest compatible version, like iOS 18.7.3. Enable automatic updates to ensure you receive future security patches without delay. - Enable Lockdown Mode if You’re at Higher Risk
If you believe you could be personally targeted—due to your profession, activism, location, or if you’ve received an official Apple threat notification—turn on Lockdown Mode. This optional, extreme security feature restricts certain apps, web technologies, and functionalities to block common spyware vectors, such as zero-click exploits.
Go to Settings > Privacy & Security > Lockdown Mode, review the implications (it makes the device less convenient for daily use), and enable it. It’s designed specifically for rare, sophisticated attacks and is not recommended for everyday users. - Stay Alert for Phishing and Fake Alerts
Apple will never send unsolicited requests via text, email, or pop-ups asking you to click links, install profiles, or share credentials. Genuine threat notifications appear directly on your device or through official channels like email/iMessage from Apple. Avoid interacting with any “Your iPhone is under attack” messages that seem suspicious. - Follow General Security Best Practices
- Use a strong, unique passcode and enable two-factor authentication for your Apple ID.
- Avoid clicking unknown links or visiting untrusted websites.
- If you suspect compromise, back up important data (to iCloud or a computer) and consider erasing and restoring your device as a last resort.
Apple continues to release security updates regularly and collaborates with researchers (including Google’s Threat Analysis Group) to identify and patch vulnerabilities quickly. For the most up-to-date information, visit Apple’s official security releases page at support.apple.com/en-us/HT201222.
While these targeted attacks underscore the evolving nature of mobile threats—even against one of the most secure ecosystems—they also highlight Apple’s transparency and rapid response. For the average user, keeping your device updated remains the single most effective way to stay protected. Stay vigilant, update promptly, and your iPhone will be far more secure in an increasingly complex digital landscape.
About The Author
