January 13, 2026 – Apple has confirmed ongoing cyberattacks targeting iPhones through advanced mercenary spyware, but half of all iPhone users remain at risk because they haven’t updated to iOS 26.
The company fixed two major WebKit security holes in December 2025 that let attackers run harmful code through web content without users doing anything. The problem: the fixes only work on iOS 26.2, and data from StatCounter and TelemetryDeck shows 50 percent of users still haven’t upgraded.
Why Half of iPhone Users Are Still at Risk
Apple no longer gives security fixes to devices that can run iOS 26 but are still using older versions. This is a big change from how Apple used to support multiple iOS versions at once.
Numbers from StatCounter show between 20 to 60 percent of eligible users have moved to iOS 26, leaving hundreds of millions of iPhones open to known attacks. Many users refuse to upgrade because they dislike the Liquid Glass design feature, calling it hard to use and confusing.
Understanding the Threat
These attacks use zero-click exploits, meaning your device can get hacked without you clicking anything. While hackers first targeted journalists, activists, and diplomats, security experts warn these attacks usually spread to more people over time.
WebKit runs Safari and many other iOS apps, creating widespread risk. The security holes let attackers take control through harmful web content, including HTML emails.
What You Need to Do Now
Update right away: Go to Settings > General > Software Update to install iOS 26.2 on iPhone 11 or newer.
Restart your phone: A simple restart removes possible malware from memory. The National Security Agency recommends restarting your phone every week for added protection.
Turn on automatic updates: This keeps you protected as Apple finds new security problems.
Try Lockdown Mode: People at high risk should turn this on in Settings. It blocks many attack methods but makes your phone harder to use.
Check before clicking: Never open links or attachments from people you don’t know without checking first.
Why This Matters
Every day you wait makes your iPhone less secure. New security holes found after December 2025 only get fixed in iOS 26 and newer versions, making the gap bigger over time.
The security situation has changed. Waiting for Apple to improve the design or hoping they’ll fix iOS 18 won’t work anymore. Staying safe now means using the latest iOS version.
As Apple pushes iOS 27 with performance and AI enhancements, Android users face new updates too, though persistent Google Workspace messaging issues highlight ongoing cross platform challenges.
