Apple has issued an urgent security advisory, urging iPhone users to update their devices after discovering two serious software vulnerabilities that were exploited in what the company described as “extremely sophisticated” attacks.
In a security bulletin released this week, Apple said the flaws affected WebKit, the browser engine used by Safari and all third-party browsers on iOS. The vulnerabilities could allow attackers to execute malicious code simply by convincing a user to visit a compromised website.
Apple confirmed that the vulnerabilities were actively exploited but emphasised that the attacks appeared highly targeted rather than widespread. “Apple is aware of a report that these issues may have been exploited in an extremely sophisticated attack against specific targeted individuals,” the advisory stated.
The company has released emergency software updates for iPhones, iPads, and other Apple devices to address the flaws, and users were strongly urged to install the latest updates immediately to ensure protection.
While some reports suggested the warning applied to all of Apple’s estimated 1.8 billion iPhone users worldwide, cybersecurity experts noted that the attacks referenced by Apple do not indicate a mass compromise of devices. Rather, the warning underscores the seriousness of the vulnerabilities and the potential risk if devices remain unpatched.
Apple did not disclose the identities of the attackers or the targeted individuals, citing security reasons.
The advisory comes amid rising global concern over zero-day vulnerabilities — previously unknown software flaws that can be exploited before developers can issue fixes. Apple said it continues to investigate the incidents and reiterated the importance of keeping devices updated with the latest security patches.
