Apple urges iPhone users to upgrade as spyware threat grows

Mercenary spyware is targeting iPhones again, and Apple’s latest security patch helps users only on iOS 26. With millions slow to update, security experts warn that the risk is escalating fast. Here’s what’s happening and what you need to do.

Update lag leaves millions exposed

Although iOS 26 launched back in September 2025, its adoption rate has been surprisingly slow. According to tracking data, only a small fraction of iPhone users have upgraded, leaving hundreds of millions of devices running outdated software.

What’s concerning is that this gap comes in the wake of newly discovered spyware attacks. These aren’t hypothetical risks: security researchers have confirmed active exploitation of two critical vulnerabilities. Apple quickly issued patches, but only for the latest iOS version. That means users who haven’t made the switch to iOS 26 are stuck with no protection unless they upgrade.

Apple had originally signaled that a patch would be available for iOS 18, something that many users counted on. But that plan changed. Now, the security update (iOS 18.7.3) is offered only to older phones that can’t run iOS 26 at all, essentially forcing everyone else to adopt the new OS if they want to stay secure.

Frustration with iOS 26 is slowing adoption

One big reason for the hesitation is Apple’s new Liquid Glass design in iOS 26. While it looks sleek, users say it’s less intuitive. People criticize smaller icons, hidden buttons, and a generally more confusing layout. This frustration seems to be slowing what’s normally a fast adoption curve. In previous years, over half of users had updated within a few months. iOS 26 is trailing far behind that trend.

No patch, no protection

Security experts are clear: upgrading is the only effective defense. And Apple’s update strategy depends on users actually applying the patches. In contrast to the staggered, multiphase rollout typical of Android updates, Apple releases new software versions simultaneously to all compatible devices. But that helps only if users install them.

The stakes are high from a security perspective. Spyware developers, often backed by well-funded surveillance firms or state actors, actively exploit known weaknesses in outdated systems. Apple’s public patch notes can become a blueprint for attackers to reverse-engineer vulnerabilities.

Security depends on user action

To close the security gap, Apple has introduced new background security technologies designed to make protection more seamless. One such effort is Background Security Improvements, which aims to deliver patches in the background without requiring a full OS update. But these features are still relatively new, and they also depend on users being on the latest software version.

So far, those efforts haven’t been enough. The combination of design concerns and unclear messaging has left many users unsure about upgrading or simply choosing not to. But the security risks are growing, and attackers are quick to exploit delayed updates. The bottom line? If your iPhone supports iOS 26, it’s time to upgrade.

For more tips on security and IT in general, contact our team.