Updated on Jan. 27 with new security information on Apple’s new update and an innovative privacy feature just confirmed for iPhone, coming in days.
The need for Apple users to reboot their iPhones continues to make headlines (1,2), albeit the reasons behind this are less well understood. This is not just an alarming new attack that has caused chaos across the iWorld. This is an alarming number of iPhone users that have not installed security fixes that Apple released a full 6 weeks ago.
Let’s be very clear. Apple issued fixes in mid-December and warned users to update. For that 6 week period, iPhones not updating have not been secure. That changes the nature of those devices and undermines the reason to buy an iPhone in the first place.
The actual number of affected users is unclear. Some analysts suggest more than half of all iPhones, but that is overstated. The number is material. Likely hundreds of millions of devices, even when using more balanced market share metrics.
In December, Apple warned that iPhones are under attack from two exploits to its WebKit software. These started as “extremely sophisticated attacks against specific targeted individuals.” But security analysts quickly warned that WebKit vulnerabilities are especially dangerous, and will leak out to less sophisticated attackers.
Apple’s decision to withhold an iOS 18 update in December for any iPhones able to run iOS 26 also means those hundreds of millions of devices have likely not restarted. And they won’t, not until users do so manually or finally device to upgrade to iOS 26.
While many security agencies advise users to restart phones regularly — as often as weekly. Very few users do that. And in reality, if you don’t restart your iPhone regularly, you’re unlikely to be caught out. That’s not to say it’s not good practice — it is.
That combination of active attacks and Apple’s decision to force users to upgrade to iOS 26 resulted in a unique combination of factors that make it more critical to restart your iPhone. And to do so regularly until you do eventually upgrade to iOS 26.
It’s not just the WebKit flaws that matter. Apple included more than 25 security fixes in iOS 26.2, any of which could affect your device. And Apple is unlikely to warn if any of those are exploited now they’re public domain. It has issued fixes. The vulnerabilities have been closed. Users are uniquely choosing to ignore those fixes en masse.
The best advice — update now, don’t even wait for iOS 26.3 which is imminent. That way you get the fixes and the restart at the same time. And your iPhone is secure.
And the upgrade mandate for all those hundreds of millions of iPhone users persisting with iOS 18 will intensify with that iOS 26.3 release. This has some very specific security updates, as well as an expected raft of vulnerability fixes.
“While it doesn’t introduce innovative changes,” Geeky Gadgets says, “this update focuses on refining existing features, improving compatibility, and strengthening security.” The website suggests a release “by late January or early February.”
But critically, “security remains a central focus.” Per Economic Times, “while Apple has not detailed every fix, iOS 26.3 is expected to include additional security updates following the critical patches in iOS 26.2. Those earlier fixes required users to move up to iOS 26 from iOS 18, a shift that frustrated many.”
Beyond fixes, the key security upgrade is fully encrypted RCS messaging. “By adopting modern encryption standards,” Geeky Gadgets says, “Apple reinforces its commitment to protecting user data and keeping pace with evolving communication technologies. This update is particularly beneficial for users who frequently communicate across different platforms, as it enhances both security and compatibility.”
But don’t wait for iOS 26.3 — those 6 weeks are more than enough. Don’t leave it any longer and upgrade all eligible iPhones running iOS 18 to iOS 26 now. And on Monday, Apple gave all users avoiding iOS 26 yet more reasons to update now.
Not security fixes this time around. Apple says iOS 26.2.1 “has no published CVE entries,” although it does include bug fixes. More critically, this is another update where Apple enhances iOS 26. You can be certain that part of that focus is addressing issues holding iOS 18 users back from upgrading and securing those six-week-old fixes.
If you’re still not convinced, we now know that the forthcoming iOS 26.3 includes a major privacy update, one that has been more the preserve of Android recently.
Apple says, “with (its new) limit precise location setting, you can limit some information that cellular networks may use to determine your location.”
This privacy feature comes with iOS 26.3. As Apple explains, “cellular networks can determine your location based on which cell towers your device connects to. The limit precise location setting enhances your location privacy by reducing the precision of location data available to cellular networks.”
This means that “some information made available to cellular networks is limited. As a result, they might be able to determine only a less precise location — for example, the neighborhood where your device is located, rather than a more precise location (such as a street address). The setting doesn’t impact signal quality or user experience.”
It won’t help your location sharing via other apps, but it will help the hidden tracking available via networks themselves. You’ll find the new this within Settings > Cellular > Cellular Data Options, .and then within the settings for individual SIMs. You may need a restart before the new setting takes effect.
By the time iOS 26.3 hits, your iPhone will have been exposed to known threats for eight weeks or more. If you’re still holding onto iOS 18, don’t let iOS 26.3 pass you by as well.
