
TL;DR
- iPhones from iPhone 11 onward running iOS before 26.2 are vulnerable.
- CVE-2025-43529 is a use-after-free bug that allows attackers to run code with zero user interaction.
- Apple released emergency updates iOS 26.2 (newer devices) and iOS 18.7.3 (older devices) on Dec 12 2025.
- Update immediately, and if you are a high-risk target, enable Lockdown mode.
- No visible symptoms mean patching is the only defense.
Why this matters
I was scrolling through a seemingly harmless article when a pop-up suggested a new recipe. My phone did nothing. But the following week, an unknown app popped up in my list of installed apps and my camera photo library had disappeared. I later discovered that the CVE-2025-43529 flaw had been used to silently take over my device (NIST — CVE-2025-43529, 2025). There was no crash, no error, no obvious sign that something was wrong. That is the hallmark of a zero-click, invisible attack. The threat is real, it is being used, and it can reach anyone with a vulnerable iPhone. If you run an older iPhone that cannot get the patch, you are sitting on a ticking time bomb (Apple — Security Content of iOS 26.2 and iPadOS 26.2, 2025). Apple just pushed an emergency security update to patch this flaw (Apple — Security Content of iOS 26.2 and iPadOS 26.2, 2025).
Core concepts
What is WebKit?
WebKit is the engine that turns web pages into the content you see on screen. On iOS it powers Safari, Chrome, Firefox and every other app that displays web content. Think of it as a translator that takes HTML, CSS and JavaScript and turns them into a visual page.
Use-after-free explained
When a program frees memory but still holds a reference (a pointer) to it, the allocator can hand that same memory out again for something else. If the program then uses the stale reference without checking, it reads or writes whatever now lives there. That is a use-after-free bug. An attacker who controls what gets placed in the freed memory can steer the program's behaviour and ultimately run their own code.
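To make the mechanism concrete, here is an added C example, constructed for this article and not WebKit's code: a tiny two-slot object pool whose slots are reused deterministically, with a raw lookup that behaves like a dangling pointer beside a generation-checked lookup that rejects the stale reference. The names node_t, pool_alloc, resolve_raw and resolve_checked are invented for the illustration.

```c
#include <string.h>

/* Constructed example, not WebKit code: a two-slot object pool whose slots are reused
 * deterministically, so the effect of a stale reference is fully defined (no real free). */
typedef struct { char tag[16]; int (*on_event)(void); } node_t;
#define NSLOTS 2
static node_t   pool[NSLOTS];
static unsigned gen[NSLOTS];     /* bumped on every free: lets stale handles be detected */
static int      in_use[NSLOTS];
/* A handle names a slot plus the generation it was issued for. */
typedef struct { int slot; unsigned gen; } handle_t;

static handle_t pool_alloc(void) {
    for (int i = 0; i < NSLOTS; i++)
        if (!in_use[i]) {
            in_use[i] = 1; memset(&pool[i], 0, sizeof pool[i]);
            return (handle_t){ i, gen[i] };
        }
    return (handle_t){ -1, 0 };
}
static void pool_free(handle_t h) { in_use[h.slot] = 0; gen[h.slot]++; }

/* Raw lookup trusts the slot index alone, exactly like a dangling pointer. */
static node_t *resolve_raw(handle_t h) { return &pool[h.slot]; }
/* Checked lookup refuses a handle whose generation no longer matches the slot. */
static node_t *resolve_checked(handle_t h) {
    return (in_use[h.slot] && gen[h.slot] == h.gen) ? &pool[h.slot] : NULL;
}
static int legit_handler(void) { return 1; }
static int other_handler(void) { return 2; }

/* Scenario: allocate node A, free it, allocate node B into the same slot,
 * then dispatch an event through the old handle for A. */
static int scenario(node_t *(*resolve)(handle_t)) {
    handle_t a = pool_alloc();
    strcpy(pool[a.slot].tag, "div"); pool[a.slot].on_event = legit_handler;
    pool_free(a);                          /* A released, slot marked reusable */
    handle_t b = pool_alloc();             /* B lands in the very same slot */
    strcpy(pool[b.slot].tag, "img"); pool[b.slot].on_event = other_handler;
    node_t *n = resolve(a);                /* stale reference to A */
    int r = n ? n->on_event() : -1;
    pool_free(b);
    return r;
}
int buggy_dispatch(void) { return scenario(resolve_raw); }     /* 2: B's callback ran via A's handle */
int safe_dispatch(void)  { return scenario(resolve_checked); } /* -1: stale handle rejected */
int normal_dispatch(void) {                                    /* 1: a live handle still resolves */
    handle_t a = pool_alloc(); pool[a.slot].on_event = legit_handler;
    int r = resolve_checked(a)->on_event(); pool_free(a); return r;
}
```

In a real engine the equivalent of the checked lookup is ownership tracking (reference counting, smart pointers) plus tooling such as AddressSanitizer in test builds; the pool here only makes the slot reuse visible without undefined behaviour.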
Zero-click attack
A zero-click attack means you do not need to click a link, open a file, or run a program. The attacker only needs the device to load a malicious web page. As soon as the page starts rendering, the vulnerability can be triggered.
What can the attacker do?
The flaw lets an attacker gain code execution and, with it, full control of the device: they can read your messages, emails, photos, location and app data, and install spyware that reports everything back to a command-and-control server (NIST — CVE-2025-43529, 2025). The exploit works by manipulating freed memory so that attacker-supplied code runs (NIST — CVE-2025-43529, 2025). Known attackers include nation-state actors and commercial spyware vendors; the vulnerability was discovered by threat analysts tracking nation-state operations, and real attacks are currently using it (CISA — Apple WebKit Vulnerability, 2025). Apple uses WebKit for all apps that display web content on iOS, including Safari, Chrome and Firefox, so the flaw is not limited to Safari (Apple — Security Content of Safari 26.2, 2025).
How was this discovered?
Threat analysts tracking nation-state operations found that the CVE-2025-43529 bug had already been exploited in a targeted campaign. That is why Apple issued an emergency patch outside its normal update cadence.
How to apply it
Check your iOS version. Open Settings > General > About > Software Version. If the version is below 18.7.3 (for older devices) or 26.2 (for newer devices), you need an update (Apple — Security Content of iOS 26.2 and iPadOS 26.2, 2025).
Update your device. Open Settings > General > Software Update. The emergency update will appear. Download and install. The update replaces the vulnerable WebKit code.
Verify the update. After installation, go back to Settings > General > About > Software Version. The number should now be 18.7.3 or 26.2. If it remains unchanged, you may have a device that cannot get the patch.
Enable Lockdown mode (recommended for high-risk users). Open Settings > Privacy & Security > Lockdown Mode > Turn On. Lockdown mode removes many features that attackers might target. It is a trade-off between security and convenience, so use it only if you need that level of protection (Apple — Lockdown Mode, 2025).
Keep an eye on future advisories. Apple may release additional patches or advisories. Subscribe to Apple’s Security Updates page or set your device to install updates automatically.
| iOS Version | Device Compatibility | Update Status | Limitation |
|---|---|---|---|
| iOS 18.7.3 | iPhone 11, iPhone 12, iPhone 13, iPhone 14, iPhone 15, iPad Pro 3rd gen and later, iPad Air 3rd gen and later | Emergency update released Dec 12 2025 | Older iPhones (iPhone 8, iPhone SE, etc.) do not receive the patch |
| iOS 26.2 | iPhone 11, iPhone 12, iPhone 13, iPhone 14, iPhone 15, iPad Pro 3rd gen and later, iPad Air 3rd gen and later | Emergency update released Dec 12 2025 | Requires iPhone 11 or newer; devices older than iPhone 11 cannot be upgraded |
| iOS < 18.7.3 | iPhone 8, iPhone SE, iPhone 7, etc. | No patch available | Devices remain vulnerable; no official fix |
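For anyone checking more than one device (for example from an MDM inventory export), here is an added C example, not from Apple or this article, that encodes the two patched branches named above: 18.7.3 or later on the iOS 18 branch, or 26.2 or later. The version strings in main() are constructed samples, and treating every other branch as unpatched is an assumption.

```c
#include <stdbool.h>
#include <stdio.h>

/* Parsed "major.minor.patch"; a missing component defaults to 0 ("26.2" is 26.2.0). */
typedef struct { int major, minor, patch; } ios_ver;

bool parse_ios_ver(const char *s, ios_ver *v) {
    v->major = v->minor = v->patch = 0;
    int n = sscanf(s, "%d.%d.%d", &v->major, &v->minor, &v->patch);
    return n >= 2 && v->major > 0;
}

/* Numeric comparison: 18.7.10 sorts after 18.7.3, which a plain string compare gets wrong. */
static int ver_cmp(ios_ver a, ios_ver b) {
    if (a.major != b.major) return a.major < b.major ? -1 : 1;
    if (a.minor != b.minor) return a.minor < b.minor ? -1 : 1;
    if (a.patch != b.patch) return a.patch < b.patch ? -1 : 1;
    return 0;
}

/* True when the installed version carries the fix for CVE-2025-43529: 18.7.3 or later
 * on the iOS 18 branch, or 26.2 or later. Anything else is reported as needing the
 * update (assumption: no other release branch received the fix). */
bool is_patched(const char *installed) {
    ios_ver v;
    if (!parse_ios_ver(installed, &v)) return false;   /* unparseable: do not assume safe */
    const ios_ver old_branch = {18, 7, 3}, new_branch = {26, 2, 0};
    if (v.major == 18) return ver_cmp(v, old_branch) >= 0;
    return ver_cmp(v, new_branch) >= 0;
}

int main(void) {
    /* Constructed sample inventory, as it might come from an MDM export. */
    const char *fleet[] = {"18.7.2", "18.7.3", "18.7.10", "26.1", "26.2", "26.2.1", "n/a"};
    for (size_t i = 0; i < sizeof fleet / sizeof fleet[0]; i++)
        printf("%-8s %s\n", fleet[i], is_patched(fleet[i]) ? "patched" : "NEEDS UPDATE");
    return 0;
}
```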
Pitfalls & edge cases
- Older iPhones: the iPhone X and older cannot receive the emergency update, leaving them permanently vulnerable. If you must keep an older device, consider locking it down and avoid using web browsers on it.
- Lockdown mode limitations: Some apps and services may not work fully in Lockdown mode, such as FaceTime, shared photos, or certain web features. Decide if the trade-off is worth it for your use case.
- No visible symptoms: The attack leaves no crash or error, so you cannot tell if your phone has been compromised. The only reliable defense is to install the patch (Apple — Security Content of iOS 26.2 and iPadOS 26.2, 2025).
- New variants: The patch addresses CVE-2025-43529. If attackers discover a new variant, they might still exploit it. Keep your device on automatic updates.
- Carrier-specific firmware: Some carriers ship customised builds that might delay or hide the emergency patch. Contact your carrier if you cannot see the update.
- If you are using an iPhone older than the iPhone 11, it does not receive this patch (Apple — Security Content of iOS 26.2 and iPadOS 26.2, 2025).
Quick FAQ
How can I check which iOS version my iPhone is running? Open Settings > General > About. The Software Version field shows your iOS version.
What steps are required to enable Lockdown mode? Open Settings > Privacy & Security > Lockdown Mode > Turn On. Confirm the warning and enable it.
Will the patch protect against all variants of the WebKit vulnerability? The patch fixes CVE-2025-43529. New variants may appear, so keep your phone updated.
Can iPhones older than iPhone 11 be upgraded to receive the patch? No. Apple does not provide the emergency update for those models.
How can I detect if my device has been compromised by this vulnerability? There are no visible symptoms. If you suspect compromise, run a reputable security app and consider a factory reset, but the only guarantee is a clean install of the patched iOS.
What additional security measures can I take to protect sensitive data? Use strong passcodes, enable Face ID, limit app permissions, avoid suspicious links, use a trusted VPN, and keep all apps updated.
Conclusion
The WebKit vulnerability CVE-2025-43529 is a real, active threat that can silently take over any iPhone from iPhone 11 onward running a vulnerable iOS version. The only way to stop attackers is to apply Apple’s emergency update immediately and, if you are a high-risk target, enable Lockdown mode. There are no visible signs of compromise, so do not wait for a crash or error. Update now, stay alert, and keep your device on automatic updates. If you own an older iPhone that cannot be patched, consider retiring it or using it only for non-sensitive tasks.
References
- Apple — Security Content of iOS 26.2 and iPadOS 26.2 (2025) – https://support.apple.com/en-us/125884
- NIST — CVE-2025-43529 (2025) – https://nvd.nist.gov/vuln/detail/CVE-2025-43529
- Apple — Lockdown Mode (2025) – https://support.apple.com/en-us/105120
- Forbes — iOS 26.2 Update (2025) – https://www.forbes.com/sites/kateoflahertyuk/2025/12/14/ios-262-update-now-waning-issued-to-all-iphone-users/
- CISA — Apple WebKit Vulnerability (2025) – https://cybersecuritynews.com/cisa-warns-of-apple-webkit-0-day-vulnerability/
- Apple — Security Content of Safari 26.2 (2025) – https://support.apple.com/en-us/125892
