Apple Warns iPhone Users of Mercenary Spyware Threat Exploiting Outdated iOS Versions
Apple has issued a stark warning to iPhone users worldwide, alerting them to a growing threat from 'mercenary spyware attacks' that can compromise devices without requiring user interaction. These attacks exploit critical vulnerabilities in older versions of iOS, the operating system that powers Apple's mobile devices. According to the tech giant, the primary risk stems from the large number of users who have not updated to the latest software version, iOS 26, which contains crucial security patches. The failure to update leaves millions of devices exposed to sophisticated cyber threats that can operate in the background, stealing sensitive data without users even realizing they've been targeted.
The vulnerabilities in question center around the WebKit engine, a core component of iOS responsible for rendering web content in Safari and other apps. Hackers have been exploiting weaknesses in WebKit to execute malicious code remotely. These attacks are particularly insidious because they don't require victims to click on suspicious links or download files. Instead, they rely on 'zero-click' exploits, which can be triggered simply by visiting a compromised website or viewing an innocuous-looking message. Once activated, the spyware can install itself on the device, granting attackers full remote access to personal information, including messages, emails, photos, and even real-time location data.
Apple has confirmed that these attacks have been used in highly targeted campaigns, often aimed at high-profile individuals such as journalists, activists, and politicians. The company emphasized that the threat is not limited to these groups, but is instead 'global and ongoing.' Approximately one billion iPhone users are still running outdated versions of iOS, making them potential targets for these advanced attacks. The hackers behind these operations are described as 'exceptionally well-funded,' with some reports suggesting that they have even used fake Apple alerts to trick victims into revealing their iOS versions or other sensitive details. Apple has reiterated that legitimate notifications from the company will never ask users to click links, install apps, or provide passwords via email or phone calls.
The solution, according to Apple, is straightforward: update to iOS 26 or the newer iOS 26.2 version. These updates include critical security enhancements that address the vulnerabilities exploited by cybercriminals. The patches specifically target weaknesses in WebKit, the iPhone's kernel, and key apps such as FaceTime, Messages, and the App Store. By implementing stricter memory management, improved website validation checks, and enhanced security protocols, the updates significantly reduce the risk of exploitation. However, Apple has warned that users who fail to update their devices are leaving themselves vulnerable to ongoing threats, as older iOS versions no longer receive security updates.
Despite the urgency of the situation, statistics suggest that only a small fraction of iPhone users have adopted iOS 26. As of early 2026, Malwarebytes Labs reported that just 16 percent of users had downloaded any version of iOS 26. This low adoption rate underscores the challenge Apple faces in ensuring widespread protection against these sophisticated threats. It also highlights the importance of user education, as many individuals may not fully understand the risks of running outdated software or the steps required to secure their devices.
It is worth noting that older iPhone models, including the iPhone 8 and earlier, are not compatible with iOS 26. This leaves a significant portion of the user base—particularly those with older devices—without access to the latest security features. Apple has acknowledged this limitation but has not provided alternative solutions for these users. For them, the only protection available is to avoid visiting compromised websites or interacting with suspicious content, a strategy that is far from foolproof in the face of such advanced cyber threats.
Apple's warning comes amid a broader trend of increasing cyberattacks targeting mobile devices. The company has described the current threat as among the most advanced digital dangers in existence, given the scale, sophistication, and financial resources involved. While Apple has not named specific groups responsible for the attacks, it has stressed that these operations are driven by mercenary actors, meaning they are motivated by profit rather than political or ideological goals. This distinction is critical, as it indicates that the threat is not limited to state-sponsored actors but also includes private entities willing to sell access to high-value targets for financial gain.
In conclusion, the situation underscores the importance of keeping mobile devices updated with the latest security patches. For Apple users, this means ensuring their devices are running iOS 26 or newer. For others, particularly those with older hardware, it highlights the need for caution and vigilance in online activities. As cyber threats continue to evolve, the responsibility for security lies not only with technology companies but also with users who must take proactive steps to protect their data and privacy.