Update Your iPhone ASAP to Avoid FaceTime Scams
On Friday, Apple dropped iOS 26.2, which brings some interesting and useful new features, like alarms for reminders and refinements to the Sleep Score on Apple Watch. However, updates aren’t all about the features; Apple typically includes a number of security patches with its software releases as well, making each update important to install.
iOS 26.2 Patches Some Serious Security Vulnerabilities
Perhaps most importantly from a security perspective, this release includes two patches for potential zero-day vulnerabilities. Meanwhile, these flaws are especially dangerous as they are either publicly disclosed or actively exploited before a developer has a chance to issue a patch—leaving users vulnerable to attack.
Both flaws (CVE-2025-43529 and CVE-2025-14174) affect WebKit, Apple’s platform for developing Safari and web browsers on iPhone. Consequently, bad actors could present users with malicious web content. Once the user processes it on their iPhone, it could lead to arbitrary code execution, which, essentially, allows the bad actor to run whatever code they want on your iPhone.
FaceTime Scams and Security Risks
Speaking of FaceTime, this update also patches a flaw that sometimes reveals password fields when remotely controlling a device over FaceTime. Therefore, if you were sharing your screen with someone over a video call, they might be able to see when you typed in your password and use that against you.
There’s also a patch for an issue that allowed an app to see other apps you had installed on your device—a major privacy and security vulnerability. In addition, if you use the Photos’ app Hidden feature to hide sensitive pictures you don’t want others to see, you’ll want to install this update ASAP, too: Previous versions of iOS contained a bug that made it possible to view these hidden photos without authentication.
iOS 26.2 Security Release Notes
For those interested in seeing all of Apple’s security patches in this update, the full release notes are as follows:
App Store: An app may be able to access sensitive payment tokens. CVE-2025-46288: floeki, Zhongcheng Li from IES Red Team of ByteDance
AppleJPEG: Processing a file may lead to memory corruption. CVE-2025-43539: Michael Reeves (@IntegralPilot)
Calling Framework: An attacker may be able to spoof their FaceTime caller ID. CVE-2025-46287: an anonymous researcher, Riley Walzcurl
FaceTime: Password fields may be unintentionally revealed when remotely controlling a device over FaceTime. CVE-2024-7264, CVE-2025-9086
It’s essential to update your iPhone as soon as possible to avoid these security risks and FaceTime scams.
Source: Link
