Apple has rolled out an emergency iOS update, urging all 1.8 billion iPhone users to download it immediately.
The upgrade, iOS 26.3, fixes 39 security flaws that could let hackers view private information, crash apps, or take control of a device, either through physical access or malicious files and websites.
While all 39 issues are patched, Apple highlighted a particularly serious zero-day vulnerability in the Dynamic Link Editor, or dyld, which manages how apps run on iPhones.
Security experts described dyld as 'the doorman for your iPhone,' as every app must pass through it before it can run, and the system normally keeps apps isolated from private data.
This flaw lets attackers bypass those checks and run malicious code before security measures can stop them.
Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26,' the tech giant shared on its support page.
Apple has addressed dyld and other flaws with stronger protections to prevent apps from escaping restrictions, stop memory errors and block unauthorized access to personal data. Installing the update as soon as possible is critical to keeping devices and personal information safe.
To update your iPhone or iPad, go to Settings > General > Software Update, where you can see if the latest version is available and follow the prompts to install it.
Apple is urging all iPhone users to download the latest iOS to patch 39 security flaws
Users can also turn on Automatic Updates from the same screen to stay current.
The security updates cover iPhones, iPads, Macs, Apple Watches, Apple TVs and Safari, all designed to fix vulnerabilities that could be exploited via malicious files, websites, or physical access.
Exploiting the dyld zero-day flaw allows hackers to run any code on a device, potentially installing spyware or backdoors without the owner noticing.
Pieter Arntz, a security researcher at Malwarebytes, said this type of attack is particularly dangerous because it is stealthy and can operate undetected for long periods.
Experts said the attacks exploiting the dyld zero-day could be covertly installing spyware, making iOS 26.3 one of the most important iPhone updates ever, according to Forbes.
Spyware often targets business users, government employees, dissidents, and journalists, but ordinary users can also be affected.
'Anyone can be collateral damage,' Javvad Malik, lead security awareness advocate at KnowBe4, told Forbes.
'The practical takeaway is to install updates as soon as they become available.'
Businesses are particularly vulnerable, Adam Boynton, senior enterprise strategy manager at Jamf, told Forbes.
'For most organizations, there's a dangerous gap between when Apple ships a fix and when it actually protects your business, sometimes days, sometimes weeks, sometimes never.'
The severity of the flaw lies in the fact that it gives attackers complete control of the device.
For individual users, updating immediately is the simplest and most effective way to protect personal information and prevent attackers from gaining access.
Spyware attacks like the one linked to the iOS 26.3 zero-day flaw are particularly dangerous, and anyone who could be a target should take precautions.
Warning signs can include rapid battery drain, overheating, or unfamiliar apps appearing on your device.
If an iPhone is compromised, the safest approach is to stop using it immediately, though a restart can sometimes temporarily disrupt the malware.
Security experts also recommended regularly rebooting your device, avoiding unsolicited links or attachments, and verifying messages with trusted sources.
Apple notifies users it believes have been targeted, but these alerts will never ask you to click links, download files, or provide passwords or verification codes.
For those who want maximum protection, especially high-profile targets, Apple's Lockdown Mode offers the strongest defense against spyware though it limits some device functionality.