Apple released a new version of iOS for iPhone 11 and later on Dec. 12, alongside a slate of security updates for older iPhones and other devices, warning that one of the patched flaws could allow attackers to take control of a device by tricking users into opening malicious web content.

The update, iOS 26.2, addresses dozens of security vulnerabilities across core parts of Apple’s mobile operating system. Apple stated that it is aware that at least one of the flaws may already have been exploited in a highly targeted attack.

“Processing maliciously crafted web content may lead to arbitrary code execution,” the company stated in its security advisory.

“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26.”

Web Browsing Flaw Draws Warning

The vulnerability flagged by Apple affects WebKit, the browser engine that powers Safari and many apps that display web content on iPhones and iPads. According to Apple, the issue could allow attackers to run their own code on a device if a user visits a malicious website or opens specially crafted web content.

Apple stated that the flaw was addressed through improved memory management, part of a broader set of WebKit fixes included in the update. Several other WebKit-related issues patched in iOS 26.2 could cause crashes, memory corruption, or unexpected app behavior when processing malicious content, according to the company.

Apple does not typically provide technical details on how vulnerabilities are exploited, citing customer protection concerns, but the company’s acknowledgment of a possible real-world exploit suggests that the issue is serious.

“Keeping your software up to date is one of the most important things you can do to maintain your Apple product’s security,” the company stated on its security releases page.

Additional iPhone and iPad Fixes

Beyond WebKit, iOS 26.2 includes fixes across a broader range of system components and built-in apps.

Apple said it patched an App Store permissions issue that could allow an app to access sensitive payment tokens, as well as several FaceTime-related flaws that could allow attackers to spoof caller ID information or cause password fields to be unintentionally revealed when remotely controlling a device using FaceTime.

Other fixes address issues with messages, photos, screen time, and system frameworks. Some vulnerabilities could have allowed apps to access sensitive user data improperly, identify which other apps were installed on a device, or cause system instability.

Apple also patched kernel-level issues, including one that could allow an app to gain elevated privileges, giving attackers deeper access to the operating system if exploited.

Updates for Older Devices and Other Platforms

For users with older iPhones that do not support iOS 26, Apple released iOS 18.7.3 for iPhone XS and later models. That update includes many of the same categories of fixes, including WebKit vulnerabilities, image-processing bugs, and kernel-related issues, according to Apple.

The company also issued security updates across its broader product lineup. On the Mac, Apple released patches for macOS Tahoe 26.2, macOS Sequoia 15.7.3, and macOS Sonoma 14.8.3, along with Safari 26.2 for supported macOS versions.

Security updates were also published for Apple TV, Apple Watch, and Apple Vision Pro, with tvOS 26.2, watchOS 26.2, and visionOS 26.2 addressing vulnerabilities tied to system components such as WebKit, data and memory handling, and open-source libraries.

How to Manually Update Devices

iPhone and iPad users can check for updates by opening the Settings app, tapping General, and then selecting Software Update. If an update is available, users can tap Update Now and follow the on-screen instructions.

Users can also enable automatic updates from the same menu, so future security updates are installed automatically.

Mac users can update by clicking the Apple menu in the upper-left corner of the screen, selecting System Settings (or System Preferences on older versions), choosing General, and then clicking Software Update. If an update is available, click Update Now and follow the prompts.

Apple Watch users can update through the Watch app on their iPhone by tapping General, then Software Update, and selecting Download and Install.

Apple TV users can install updates by navigating to Settings, selecting System, choosing Software Updates, and then selecting Download and Install if an update appears.