Apple has just released the iOS 26.2 update, and it’s one you shouldn't ignore. The company has confirmed that this critical patch fixes over 20 security flaws, two of which were already being used in real-world, highly sophisticated attacks.

The most concerning vulnerabilities, identified as CVE-2025-43529 and CVE-2025-14174, were discovered by Google’s security team. They both target WebKit—the engine that powers every web browser on your iPhone, including Safari, Chrome, and Firefox. Apple warns that simply visiting a malicious website could have allowed attackers to corrupt the iPhone's memory and potentially take control. Security experts note that these kinds of linked, "chained" vulnerabilities are a classic signature of commercial spyware used for targeted surveillance.

While Apple states these attacks were likely aimed at specific individuals, the danger doesn't stop there. Once a security hole is public, other cybercriminals often rush to exploit it. The fact that Apple pushed this update on a Friday—unusual for the company—highlights the seriousness of the threat.

Beyond these urgent fixes, iOS 26.2 brings a couple of useful new features. It adds a security PIN to AirDrop for sharing files with people not in your contacts, and introduces a new localized emergency alert system. This release also continues Apple's push to get all users updated from iOS 18 to the more secure iOS 26 platform.

The message from security professionals is unanimous: update immediately. To get the patch, go to your iPhone's Settings > General > Software Update and download iOS 26.2 as soon as it appears. Delaying leaves your device exposed to potential exploits that are now publicly known.