Apple has released security updates for iPhone, iPad and Mac to fix zero-day vulnerabilities (vulnerabilities that Apple hadn't previously realized), reportedly used in targeted attacks.
Update range:
Apple has admitted that attackers may have used this flaw in highly complex operations targeting specific high-value targets.
But history tells us that once the problem is solved, attackers waste little time reclaiming the same vulnerability into a wider, more opportunistic movement. Starting with highly targeted campaigns, large-scale development for everyday users is often introduced.
This is why it’s important for everyone to need time to update.
How to update your iPhone or iPad
For iOS and iPados users, you can check if the latest software version is used, please go to Settings > General > Software Updates. You want to use iOS 18.6.2 or iPados 18.6.2 (or 17.7.10 for older models), so if not, update now. If you haven't already, it's also worth turning on automatic updates. You can do this on the same screen.
How to update your Mac
For Mac users, click the Apple menu in the upper left corner of the screen and open System Settings. From there, scroll down until you find Generaland select Software Update. Your Mac will automatically check for new updates. If there is an update, you will see the options for downloading and installing. Depending on the size of the update, this process can take several minutes to an hour, and your computer needs to be restarted to complete the installation.
As always, it is best to save work before use Restart now button. The update may sometimes require multiple restarts, so allow some downtime. After installing the update, your system is more protected and you can use your Mac without having to worry about this vulnerability hanging on you.
Technical details
The vulnerability is tracked as CVE-2025-43300 and is located in the Image I/O framework, part of MacOS is part of a heavy lift when the application needs to open or save images. The question comes from outside the bounds. Apple stepped in and checked through better scope, narrowing the rules from the hole so attackers could no longer use it.
Extraboundary write vulnerability means that an attacker can manipulate a portion of the device's memory that should be out of reach. This flaw in a program allows it to be read or written outside the scope of the assembly, allowing an attacker to manipulate other parts of the memory allocated to more critical functions. An attacker can write code to a portion of memory, where the system can execute the code using permissions that the program and the user should not have.
In this case, an attacker can build images to exploit the vulnerability. Handling such malicious image files will result in memory corruption. Memory corruption issues can be manipulated to crash or run attacker's code.
We not only report phone security – we provide
Cybersecurity risks should never exceed the title. Avoid the threat from mobile devices by downloading malware for iOS and malware for Android.