The vulnerabilities may have been exploited in 'an extremely sophisticated attack against specific targeted individuals' using versions of iOS prior to iOS 26, as per Apple's security bulletin.