Apple has issued an urgent global security warning to its estimated 1.8 billion iPhone users, cautioning that their devices may be vulnerable to what the company described as “extremely sophisticated” cyber attacks unless they install the latest software updates.
In a security advisory released this week, the technology giant said it had identified critical vulnerabilities affecting its devices that have already been actively exploited in targeted attacks. The flaws were found in WebKit, the core browser engine that powers Apple’s Safari browser and all third-party browsers on iPhones and iPads.
Apple said the vulnerabilities could allow hackers to execute malicious code by luring users to compromised websites, potentially giving attackers unauthorized access to devices without the user’s knowledge. The company stressed that while the attacks appear to be highly targeted, the underlying weaknesses pose a serious risk to any unpatched device.
“Apple is aware of a report that these issues may have been exploited in an extremely sophisticated attack against specific targeted individuals,” the company said in its advisory.
To address the threat, Apple has rolled out emergency software updates across its ecosystem, including iOS, iPadOS, macOS, watchOS and tvOS. The updates are designed to close the security gaps and prevent further exploitation, with Apple urging users to install them immediately.
Cybersecurity experts say vulnerabilities in WebKit are particularly dangerous because they affect nearly all web activity on Apple devices. Since Apple requires all iOS browsers to use WebKit, a single flaw can have wide-ranging implications across multiple apps and services.
Industry analysts have warned that even when attacks initially target a small group of individuals, public disclosure of such vulnerabilities can lead to broader exploitation if users delay updates. According to security specialists, once attackers understand how a flaw works, it can quickly be adapted for wider use.
Apple declined to provide further details about who was targeted or who may be behind the attacks, citing security concerns and ongoing investigations. The company reiterated that it follows a strict policy of withholding technical specifics until fixes are available to protect users.
“For our customers’ protection, Apple does not disclose, discuss or confirm security issues until an investigation has occurred and patches or releases are available,” the company said.
The warning adds to a growing list of zero-day vulnerabilities Apple has addressed in 2025, underscoring the increasing sophistication of cyber threats facing smartphone users globally. Security researchers note that high-profile individuals such as journalists, activists, politicians and business executives are often the primary targets of such attacks, though ordinary users can still be affected if they fail to update their devices.
Apple has advised users to ensure their devices are running the latest software versions and to remain cautious when browsing the web or opening links, even from seemingly trusted sources. The company also highlighted advanced security features, such as Lockdown Mode, for users who believe they may be at higher risk.
The latest advisory serves as one of Apple’s strongest warnings this year and highlights the evolving challenges of digital security in an era of increasingly complex and targeted cyber attacks.
