Although iOS 26 was one of the most significant updates in years, its adoption has been painfully slow compared to previous releases. This is primarily due to users sticking with the older user interface and resisting the new Liquid Glass design. However, security experts are now sounding the alarm, warning that these outdated iPhones are at high risk from sophisticated threats and attacks.

According to StatCounter data, only approximately 16.3% of eligible iPhone devices were running iOS 26.2 as of January 2026. This means hundreds of millions of users are still using iOS 18 or older versions, creating a massive pool of vulnerable iPhone and iPad devices.

What Is the Latest Threat to iPhones?

The threats stem from two critical security flaws in WebKit, the engine that powers the Safari browser and almost all web content on Apple devices. Security researchers (via Malwarebytes) have described how attackers use these flaws to gain control of iPhones by using malicious websites to inject dangerous code. Once a device is successfully infiltrated, attackers can spy on users and steal credentials to access financial accounts.


Even more concerning, Apple believes these exploits have already been actively used in the wild, specifically by mercenary spyware groups targeting high-profile individuals.

Which iPhones Are at Risk?

Apple began addressing these vulnerabilities in December 2025. However, the concern is that the primary patches were bundled with iOS 26.2, leaving users on older software exposed. While a small security update, iOS 18.7.3, was released for older devices like the iPhone XS and XR, Apple is reportedly pushing users with newer hardware directly toward iOS 26 to ensure they receive the full suite of memory protections.

The risks have been amplified now that the details of these flaws are public, allowing a wider range of attackers to focus their efforts on vulnerable devices. Impacted models include the iPhone 11 through the iPhone 16 series, as well as several iPad models eligible for iPadOS 26.

What Is the Fix for This Security Flaw?

Because the patch is deeply integrated into the browser engine and Apple eventually stops shipping standalone security fixes for older versions, the only reliable remedy is to upgrade to iOS 26.2 or later.

Security experts also emphasize the importance of restarting your device. Rebooting helps disrupt and remove memory-resident scripts that may be running malware. This is a critical crossroads for users currently avoiding the Liquid Glass design: they must choose between adopting an unfamiliar interface and leaving their personal data unsecured.

Which iOS version are you running on your iPhone or iPad? Are you skipping iOS 26 this time? We want to hear your thoughts in the comments.
