New iOS and iPadOS Flaws Leave Millions of iPhones at Risk
Security
SHARE
Facebook X Pinterest WhatsApp

New iOS and iPadOS Flaws Leave Millions of iPhones at Risk

New iOS and iPadOS Flaws Leave Millions of iPhones at Risk

Image: Amanz/Unsplash

Critical iOS and iPadOS WebKit flaws put millions of iPhones and iPads at risk of silent takeover. Apple urges users to update immediately.

Written By
Joseph Ofonagoro
Joseph Ofonagoro
Jan 20, 2026

No clicks. No warnings. Full device access.

Apple confirmed two critical WebKit vulnerabilities affecting millions of iPhones and iPads. Exploiting CVE-2025-43529 and CVE-2025-14174 allows attackers to gain full device access, including passwords and financial data.

Here’s how the vulnerabilities occurred

According to this iOS and iPadOS security document, both flaws stem from two WebKit bugs that allow attackers to execute malicious code in Safari, thereby gaining further access to the device.

The exploitation process works as follows:

  • An attacker hides malicious code in a compromised webpage.
  • When the page loads, WebKit mishandles memory.
  • The flaw allows malicious code to run in the browser.
  • A second bug enables deeper access, exposing device data.

The vulnerability, known as a zero-click flaw, requires no user action to execute. With both flaws present, a breach can happen simply by visiting a website.

What Apple has done to address the flaw

Hacker News reported that before Apple discovered and patched them, these were zero-day vulnerabilities running in the wild. The fix is available in iOS 26.2, making most older iPhones and iPads ineligible.

Must-read security coverage

Here is what users should do

Apple urges all users to upgrade, especially those with the following devices:

  • iPhone 11 and later.
  • iPad Pro 12.9-inch, 3rd generation and later models.
  • iPad Pro 11-inch, 1st generation and later models.
  • iPad Air, 3rd generation and later models.
  • iPad, 8th generation and later models.
  • iPad mini, 5th generation and later models.

According to Fox News, the device categories on this list are more vulnerable than others.

Apple also issued iOS 18.7.3 to address these two WebKit vulnerabilities on iPhone XS, XS Max, and XR, as well as iPadOS 18.7.3 for iPad (7th generation).

Research cited by Fox News indicates attackers are targeting specific individuals. Their identities remain undisclosed. Similar targeted cyberattacks suggest political and public figures are the likely targets.

To many Apple users, device updates appear to add only designs and animations; however, the real value lies in the core security fixes. Device updates are critical for security, protecting users from flaws, such as those exploited automatically.

Want a look ahead? Check out what Apple may have in store next, with early iOS 27 rumors and features expected in 2026.
Joseph Ofonagoro

Joseph is a Technical Writer with about 3 years of experience in the industry, also advancing a career in cyber threat intelligence. He is passionate about the responsible use of technology, a passion that led him into cybersecurity. As an undergrad, he leads a novel community of technology enthusiasts at his school, NOUN, where he guides and shares resources for beginners in tech. His writing experience includes writing on a diverse range of topics, from consumer tech to startups and tutorials. Additionally, he periodically shares case studies and research reports on cybersecurity on his social media pages.