Apple issued urgent security warnings this week as iOS 26 adoption lags dramatically behind previous versions. The company confirmed active exploitation of two critical WebKit vulnerabilities affecting Safari and other iOS applications.
Statcounter data shows iOS 26 running on just 16.6 percent of devices as of January 2026, compared to around 70 percent for iOS 18 variants. The iOS 18.7 update alone, released alongside iOS 26 in September 2025, appears on nearly one-third of all iOS devices.
Security experts warn the vulnerabilities CVE-2025-43529 and CVE-2025-14174 enable sophisticated spyware attacks. Apple confirmed exploitation occurred before patch availability, with fixes only accessible through iOS 26 updates.
Industry reports suggest mercenary spyware services targeted iPhones using these zero-day flaws. The attacks leverage zero-click exploits that can compromise devices without user interaction.
"Users should urgently update all impacted Apple devices," said James Maude, Field Chief Technology Officer at BeyondTrust. "It will quickly become a must-have exploit for a range of threat actors."
Adoption data reveals complications beyond user preference. Apple changed Safari's user agent string in iOS 26 to report iOS 18.6 or 18.7 versions, a privacy measure that skews analytics tracking.
Only third-party browsers like Chrome and Edge report iOS 26 in their user agent strings. This means Statcounter primarily measures Chrome users who updated, not total iOS 26 adoption.
Condé Nast website traffic analysis shows more nuanced adoption patterns. In December 2025, 45 percent of iPhone Safari pageviews came from iOS 26 devices, compared to 76 percent for iOS 18 in December 2024.
Early adoption rates were similar between versions. About 25 percent of iPhone pageviews used iOS 18 in October 2024, versus 22 percent for iOS 26 in October 2025.
The Liquid Glass interface redesign introduced with iOS 26 features translucent, refractive elements that create depth and focus. Some users report finding the design confusing and visually distracting.
Apple has responded with customization options. The iOS 26.1 update added a "tinted" setting to increase contrast and opacity, while iOS 26.2 introduced lock screen clock opacity controls.
Security updates for iOS 18 have shifted to legacy device support. The iOS 18.7.3 update released December 12, 2025, only applies to iPhone XS, XS Max, and XR models that cannot upgrade to iOS 26.
Malwarebytes recommends regular device restarts to flush memory-resident malware. The security firm notes high-end spyware tools often avoid persistence mechanisms and rely on users not restarting devices.
Apple's security model differs between iOS and macOS. While Macs can receive security updates for multiple macOS versions simultaneously, iOS devices must upgrade to the latest supported version for patches.
The company released iOS 26 publicly on September 15, 2025. Four months later, adoption remains significantly below historical patterns for major iOS releases.
Cybersecurity researchers emphasize the urgency. "There's no workaround or user behavior that meaningfully mitigates this risk," said Darren Guccione, CEO of Keeper Security.
Affected devices include iPhone 11 and later models, iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and later), iPad (8th generation and later), and iPad mini (5th generation and later).
Apple continues providing security patches for iOS 18 on devices ineligible for iOS 26 upgrades. This practice began in 2021 with iOS 14 support after iOS 15's release.
The WebKit vulnerabilities enable malicious websites to execute harmful instructions without user permission. Successful exploitation could allow device control, data theft, location tracking, and financial fraud.
Industry analysts will monitor whether iOS 26 eventually reaches the 80-90 percent adoption range typical for iOS versions. Slower adoption could signal lasting negative response to the Liquid Glass design language.
Apple faces its first opportunity to adjust Liquid Glass with iOS 27. The company's response to user feedback will shape future interface design decisions across its ecosystem.
