According to Forbes, Apple has released surprise updates for all eligible iPhones, including iOS 26.2.1 for iPhone 11 and newer, iOS 18.7.4 for older models, and patches for legacy systems like iOS 12.5.8. The company states these updates contain bug fixes with potential security implications, though no formal CVEs are listed. The installation process forces a device reboot, which security agencies like France’s CERT-FR and the NSA recommend to purge memory-resident spyware. However, a controversial decision from December means users on iOS 18 cannot get these fixes without upgrading to the major iOS 26 release. Analyst John Gruber’s data suggests iOS 26 adoption is at about 50% this month, lagging behind the 72% and 65% adoption iOS 18 and 17 saw at similar points, representing an estimated 200 to 300 million holdout devices.
The Reboot Is The Cure
Here’s the thing about this update: the most important part might just be the forced restart. It sounds simple, almost too simple. But agencies like CERT-FR are dead serious about it. A full shutdown wipes the device’s volatile memory clean. That’s where sophisticated, “non-persistent” spyware lives—it doesn’t save itself to storage, so a reboot kills it dead. Apple baking this into an update is a clever, low-key security win. It’s basically a free, automated cleanse for your phone. And given how rarely most people actually power cycle their devices, it’s probably a good thing it’s mandatory.
The iOS 18 Holdout Problem
But this exposes Apple’s unusual, and frankly awkward, position. They made a call with iOS 26.2 back in December: if you’re on iOS 18, you get no more discrete security patches. You have to take the full plunge to iOS 26. Now, looking at the numbers, that’s creating a massive gap. Gruber’s analysis, which tries to cut through the noise of skewed stats from StatCounter and TelemetryDeck, still points to a huge chunk of users staying put. We’re talking hundreds of millions of iPhones. Why? Maybe iOS 26 had a rough start. Maybe people just don’t like change. Whatever the reason, Apple’s all-or-nothing update strategy has left a security gray area the size of a continent.
What Should You Do Right Now?
So, the advice is pretty straightforward, but it comes in two tiers. The best move is to just update. Go to Settings, tap General, then Software Update, and get on iOS 26.2.1. You get the fixes and the clean reboot. Done. But if you’re absolutely determined to stay on iOS 18? You need to manually reboot your phone. Regularly. Like, once a week. It’s not a perfect solution, but it’s the only way to mimic the memory-clearing benefit of this update. Letting your phone run for months without a restart is, frankly, a risk you shouldn’t take.
A Precarious Balance For Apple
This situation puts Apple in a tough spot. They want to streamline their software support—it’s a huge engineering burden to maintain multiple major versions. I get it. But the consequence is a perceived downgrade in security for a *gigantic* portion of their user base. It’s a gamble that user inertia will eventually push people to the new OS. But what happens in the meantime? If a major, exploitable bug is found in iOS 18, Apple would face immense pressure to break its own rule. This policy might save them resources now, but it could cost them in trust later. For a company that sells itself on a secure, walled-garden experience, that’s a precarious balance to strike.
