Apple has released an emergency security update for its iOS operating system, urging all iPhone users worldwide to install it immediately, after discovering serious security vulnerabilities that could expose devices and personal data to hacking.
The new update, iOS 26.3, addresses a total of 39 security vulnerabilities that could allow attackers to access private information, disable applications, or gain complete control of the device, either through physical access or through malicious files and websites.
Despite the importance of all the fixes, Apple focused particularly on a critical vulnerability known as a "zero-day vulnerability," discovered in the Dynamic Link Editor (dyld), the system responsible for managing application execution within iPhones. This component acts as a crucial layer of protection, as all applications pass through it before running, which typically helps to isolate them from sensitive data.
This vulnerability allows attackers to bypass security checks and run malicious code before protection systems can stop it. Apple confirmed on its support page that it has received reports indicating the vulnerability may have already been exploited in sophisticated attacks targeting specific individuals on older versions of iOS.
The company addressed the vulnerability by strengthening security restrictions, fixing memory errors, and preventing applications from bypassing protection systems or gaining unauthorized access to personal data, stressing that installing the update as soon as possible is a crucial step to maintaining device security.
The security updates are not limited to iPhones only, but also include iPads, Macs, Apple Watches, Apple TVs, and the Safari browser, with the aim of patching vulnerabilities that can be exploited through malicious content or through direct access to the devices.
Cybersecurity experts warn that exploiting the dyld vulnerability could allow hackers to run any code on the device, potentially leading to the installation of spyware without the user's knowledge.
Peter Arntz, a security researcher at Malwarebytes, said that this type of attack is extremely dangerous because of its stealthy nature and its ability to operate for long periods without being detected.
According to experts, these risks could make the iOS 26.3 update one of the most important security updates in the history of iPhones, especially since zero-day vulnerabilities are often linked to advanced espionage attacks targeting corporate employees, government officials, and journalists, although ordinary users may also be affected.
Jawad Malik, senior security advocacy advocate at KnowBe4, said that "anyone can become a collateral victim," emphasizing that the practical solution is to install updates as soon as they are released. Adam Boynton, senior director of enterprise strategy at Jamf, pointed out that organizations face a greater risk due to the time lag between the release of an update and its actual implementation within their work environments.
The danger of the vulnerability lies in its ability to give attackers almost complete control over the device, making an immediate update the most effective way to protect personal data.
Security experts advise users to pay attention to potential signs of a breach, such as rapid battery drain, overheating, or the appearance of unfamiliar applications. If a breach is suspected, it is best to stop using the device immediately, although restarting it may temporarily disable the malware in some cases.
It is also recommended to avoid untrusted links and attachments, check the sources of messages, and restart the device periodically as an additional precautionary measure.
Apple confirms that it sends direct notifications to users it believes are targeted by advanced attacks, stressing that these alerts never ask users to click on links, download files, or share passwords or verification codes.
For those who need the highest levels of protection, especially those with sensitive accounts, the company offers "Lockdown Mode," which provides advanced defense against spyware, although it limits some device functions.
