It’s a cat and mouse game. You’re never totally safe. You might be temporarily safe until the next exploits are discovered. Who is to say there aren’t also exploits discovered and in use on 26.3.1 that are yet to be disclosed? We just don’t know.
Personally, I’m OK with my status.
It seems ad blockers could block the filenames in this exploit. But that’s just another cat and mouse game.
I do wish Apple would allow 18.x.x upgrades for longer than they did, especially given the Liquid Glass concerns, which I find much more worrisome than visiting a compromised website.
It seems that Apple is emphasizing the importance of updating older software more than it usually has. I notice that it even informed users of some old iOS versions to expect a “Critical Security Update” in the “next few days,” something that Apple very rarely does.
Well, now we know how long my “I will resist Liquid Glass for as long as I can” actually lasted.
I just upgraded last night (thank you Adam, btw!), and so far it’s not bad, a few probably unnecessary visual fancy things (the distorted transparent folder icon thing is weird, I mean when you slide the home pages or whatever they are called these days, and a background visual pulse when I tap the volume bar in the Sonos app) and the icons are strange, but not as bad as I had feared (yet).
We are far beyond the days of my first Mac, a Plus with no hard drive and with an external floppy in 1988. It was pretty awesome!
Or, just generally, sites run by small organizations seldom have the resources or knowledge to maintain as strong security as larger organizations. There are, of course, counterexamples in both directions.
As others have said, since all browsers (or nearly all) use WebKit, yes, they’ll be vulnerable. And seriously, don’t overthink this. You can upgrade or turn on Lockdown Mode, but anything else is likely to let you down eventually.
Please don’t make unsupported accusations about such behavior—that’s how misinformation spreads.
As far as I’m aware, there’s no way to turn off JavaScript in Safari in iOS. Lockdown Mode does some of that. It’s possible that other browsers that still rely on WebKit could turn off JavaScript, but I suspect that would render many websites nonfunctional.
It’s not, at least in theory—the waffling is because there’s a difference in what was targeted, when Apple started and finished fixing the bugs, and what was detected by different researchers. 18.7.3 is the earliest version that has all the fixes. You may be able to get that by signing up for the beta program, or you can just upgrade to 26.3.1.
I doubt it because they aren’t executing JavaScript.
My suspicion is that non-browser apps are not vulnerable because, again, they’re not going to be executing JavaScript from arbitrary Web pages.
Good to hear! That’s where my test iPhone SE is as well, but it has been there for a while.
This is really problematic, and more support for why staying up to date is important.
Is that always true? I stopped using dedicated RSS clients a while ago in favor of a web-based aggregator, but my recollection is that most RSS clients capable of rendering HTML had JavaScript toggles.
<iVerify: We strongly recommend updating to iOS 18.7.6 or iOS 26.3.1. This will mitigate all vulnerabilities that have been exploited in these attack chains.>
My iPad Air 5 says I need to delete 15 gigs before iOS 23 can be installed. Right now I am on 18.7.3. How do I get 18.7.6?
Sorry, you’re 100% right, or more. The initial sites I read on this dated back to 2019 and were more or less copied by other sites into 2024 so I started to think it wasn’t actual reality but then I chanced upon a fairly reputable page noting at least one aspect of ‘safe browsing’.
…Before visiting a website, Safari may send information calculated from the website address to Google Safe Browsing and Apple to check whether the website is fraudulent or malware has been detected. For users with China mainland… The actual website address is never shared with the safe browsing provider. Google (and, for users with China…) may also log your IP address when information is sent to them…
(bold type by me for emphasis).
As an aside on the ‘safe browsing’ updates, Safari seems to do this on the Mac by itself, whether the user uses Safari or not. I posted another topic a while ago about finding Safari running even though I hadn’t launched it or used it in years. Using Little Snitch I narrowed down the likely cause to Safari launching itself to check in with Google’s safe browsing database.
Now back to the regularly scheduled discussion of the actual Topic…
I would like to confirm that Liquid Glass is no problem after changing many of the key settings that @ace described. And I also chose to have a solid olive color as wallpaper. (I do not remember if the article mentioned this, but it makes a big difference in the positive direction.)
What are the actual, real world dangers for someone like me? I don’t do any real “work” on my phone. I just make phone calls (gasp! That gives away my age), read and sometimes respond to emails, text with my wife and daughter and a couple of friends, and get driving directions. That’s about it. Anything real I do on my Mac or my iPad. My phone is maxed out at 18.6.2 (other than 26). Thank you all very much.
I’m not sure if this will really be a thing, but I suppose people could start sending messages to random phone numbers if they can figure out how to use that method now that the exploits are on GitHub.
Most message attachments are loaded and evaluated on iOS even without viewing them. In that case, perhaps turning on lockdown mode is the best choice, just to be safe?
Sorry, no. There are no more updates to iOS 18 or any other older version for any phone that can run iOS 26. Apple has done this every year for a long, long time.
Folks, 26 is fine. A bit annoying and I get it, but as opposed to having your entire life knowledge stripped from your phone? Is that less valuable than having a perfectly curved window sizing area? “I lost my credit cards but I have good UI” does not seem a reasonable trade balance.
True, if you have a modern iPhone with a strong battery. Older phones, although capable of running 26, may have issues especially with an old/weak battery.
That’s why I put my iPad mini 5 and all of our iDevices in Lockdown Mode. Seems fine to me.
I’ve had no issues and I’ve not seen any general outcry about battery life with 26. What’s the tradeoff for you between lost battery life and your bank accounts being looted?