Apple is facing an unusual situation. Some of the most serious iPhone security threats in years are not spreading because Apple failed to patch them, but because millions of users are choosing not to install the updates that fix them.
Over the past few months, security researchers have confirmed that sophisticated spyware groups are once again targeting iPhones using newly discovered vulnerabilities. Apple rushed out emergency fixes, but there is a catch: for most users, those fixes only exist inside iOS 26 and its newer updates. If you stay on iOS 18, there is now no safety net.
That has created a quiet but serious risk. A huge number of iPhones are running software that Apple itself now considers unsafe.
Millions of iPhones are stuck on unprotected software
Normally, Apple users move to new versions of iOS fairly quickly. Unlike Android, every compatible iPhone gets the update on the same day. In previous years, more than half of all users had upgraded within a few months.
This time, that has not happened.
Various tracking services show wildly different numbers, but they all point in the same direction: iOS 26 adoption is unusually low. Even the most optimistic estimates suggest that around 40 percent of iPhones are still running older versions, mainly iOS 18. Pessimistic data puts the number much higher.
That matters because Apple quietly changed how it handles security updates. In the past, users who stayed on an older iOS version still received critical security patches. With iOS 26, Apple has stopped doing that for most devices. If your iPhone can run iOS 26, you no longer receive security fixes on iOS 18.
What this really means is simple. If you have not upgraded, your phone is exposed to known attack methods that criminals already understand.
Spyware groups are watching the delay
The threat here is not theoretical. The vulnerabilities Apple fixed late last year were already being used by mercenary spyware vendors. These are not ordinary hackers. They build tools designed to break into phones quietly, steal messages, track locations and monitor calls.
Once Apple publishes a fix, attackers know exactly what hole was closed. They then focus on people who have not yet updated. The longer users delay, the bigger that target group becomes.
Security experts are blunt about this. There is no setting you can change, no app you can install and no behaviour that will meaningfully protect you from these attacks if you are running unpatched software. Updating is the only defence.
Why people are avoiding iOS 26
So why are so many users staying away?
A lot of the backlash centres on Apple’s new Liquid Glass design. It introduces a translucent, layered look across the system, including the Home Screen, Lock Screen and many apps. Some users love it. Many do not.
Complaints range from the design being distracting to basic things being harder to see. People mention tiny buttons, busy menus and elements that seem to float without clear structure. For some, the phone feels less comfortable to use, even if it looks more modern.
That discomfort has been enough for millions of people to delay the upgrade. But what feels like a design choice is now turning into a security problem.
iOS 26.2 is not just about looks
The latest update, iOS 26.2, is Apple’s attempt to push the system forward. It brings improvements to apps like Apple Music, Podcasts and Games. It also adds more controls to adjust how the Liquid Glass interface looks, making it easier to tone down the transparency and visibility effects.
More importantly, it includes a fresh set of security patches. Apple does not publish the technical details, but these fixes close holes that attackers were actively trying to exploit.
If you install iOS 26.2, you get those protections. If you do not, you do not.
Updating is straightforward: plug your phone into power, connect to Wi-Fi, go to Settings, then General, then Software Update. From there you can download and install the new version.
What you cannot do is go backwards. Once you move to iOS 26, Apple does not allow you to return to iOS 18.
Apple’s emergency restart warning
As if that were not enough, Apple also issued a separate global security advisory in January. This one applies to iOS 17 and earlier, and it deals with a serious flaw that could allow attackers to run malicious code simply by sending a specially crafted notification or web link.
Apple’s advice was unusually direct: restart your iPhone.
Rebooting clears temporary memory and reloads the secure parts of the system, which removes any malicious code that might be sitting in the background. It is not a permanent fix, but it does block the attack until a proper update is installed.
For most people, restarting takes less than a minute. Hold the side button and a volume button, slide to power off, then turn the phone back on.
Apple has a bigger problem than bugs
Apple’s security model is built on fast updates. It assumes that when serious threats appear, users will install the fix quickly. That model is breaking down.
A large part of the iPhone user base is now stuck between a design they dislike and a security risk they may not fully understand. The result is millions of unpatched devices that attackers can target with growing confidence.
Apple can improve the interface, tweak the visuals and release more updates. But unless people actually install them, none of that matters.
Right now, the safest thing an iPhone user can do is very old-fashioned. Restart the phone, check for updates, and install them. Everything else is just hoping you are not one of the people the attackers decide to go after next.
