It's time to update again. Apple is warning of a new hack that can target iPhones, iPads, and Macs by using a booby-trapped image.

On Wednesday, Apple released an emergency patch in iOS 18.6.2 to protect users from the zero-day attack, which leverages a previously unknown flaw in the company’s software.

“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,” the company wrote in the patch notes.

Although details are thin, the description of the threat suggests an elite hacking group, possibly a spyware developer, has been delivering the attack through images secretly rigged to abuse the flaw. These images could be delivered in an email or text message.

The flaw, dubbed CVE-2025-43300, involves Image IO, the company’s software framework for reading and writing image formats. “Processing a malicious image file may result in memory corruption,” the company said without elaborating.

It was unclear what memory corruption could lead to. However, hackers often use memory corruption bugs to manipulate software into running rogue computer code, like downloading a malicious file. In April, the company patched a similar flaw that used maliciously crafted media files to trigger a memory corruption issue with Core Audio, Apple’s digital audio software framework for iOS and macOS.

Apple has released its iOS fix for the iPhone XS and later. The patch has also been rolling out in iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8.

To install the security patch on your iPhone or iPad, go to Settings > General > Software Update. The device will also patch itself if you’ve toggled on automatic updates.

By: DocMemory
Copyright © 2023 CST, Inc. All Rights Reserved