iPhone users across the world have been put on high alert after Apple issued an urgent security warning about a newly detected and highly sophisticated spyware campaign capable of stealing sensitive personal data without any user action.
The company said hackers are exploiting a previously unknown vulnerability to launch what cybersecurity experts describe as a “zero-click” attack — a method so stealthy that victims do not need to tap on a malicious link, download an attachment or respond to any message for their device to be compromised.
Certified Cyber Crime Investigator Course Launched by Centre for Police Technology
According to Apple, once the spyware infiltrates a device, attackers can silently access private messages, photos, contact lists, real-time location data and, in extreme cases, monitor calls. The breach happens entirely in the background, leaving no visible sign that the phone has been infected.
The threat is believed to disproportionately affect users running outdated versions of Apple’s mobile operating system. Devices operating on versions older than iOS 26 are considered especially vulnerable. Apple estimates that nearly one billion iPhones globally may still be using older software, placing a massive user base at potential risk.
Security researchers tracking the campaign say the spyware is designed to evade traditional detection tools by embedding itself deep within system processes. Unlike common malware, it does not rely on phishing links or fake apps, making it significantly harder for users to detect or prevent on their own.
Apple has rolled out a critical software patch and is strongly urging users to update their devices to iOS 26 or the latest iOS 26.2 version without delay. The company said the update contains security fixes that neutralise the vulnerability being actively exploited by hackers.
In an advisory to users, Apple also recommended restarting devices after installing the update. A full reboot, the company said, helps flush out any dormant malicious processes that may have embedded themselves in memory prior to the patch being applied.
“Keeping your device up to date is one of the most effective ways to protect yourself from evolving cyber threats,” Apple said, adding that users who continue to operate unsupported software versions face an increasing risk of data breaches in the future.
The company also reiterated its long-standing warning against social-engineering attempts that often accompany spyware campaigns. Apple clarified that it never asks users for passwords, one-time verification codes or personal credentials through phone calls, emails or text messages. Any such request should be treated as fraudulent and ignored.
Cybersecurity experts warn that zero-click spyware attacks are becoming more frequent and more dangerous as smartphones increasingly store banking details, personal documents, health data and private communications. Unlike conventional hacks, these attacks leave little forensic evidence, allowing intrusions to go unnoticed for long periods.
Users whose devices are no longer eligible for the latest iOS updates were advised to exercise heightened caution, limit sensitive activity where possible and consider upgrading to newer hardware that continues to receive security support.
Apple said it is continuing to monitor the threat landscape and will issue additional patches if required. The company has not disclosed details about the origin of the spyware or the groups suspected to be behind the attack, citing security reasons.
For now, the message from Apple is clear: update immediately, restart the device, and stay alert. In a digital ecosystem where a single vulnerability can expose an entire life stored inside a smartphone, delaying critical updates may come at a steep cost.
About the author – Ayesha Aayat is a law student and contributor covering cybercrime, online frauds, and digital safety concerns. Her writing aims to raise awareness about evolving cyber threats and legal responses.
