Apple Rushes Out Fix for Zero-Day Attack on iPhones, Macs
Another update, another vulnerability: Apple has issued an emergency patch in iOS 18.6.2 to protect users from a new zero-day attack that can target iPhones, iPads, and Macs. The company warns of a sophisticated threat that leverages a previously unknown flaw in its software, which could be delivered through seemingly innocuous images.
According to Apple's patch notes, the issue dubbed CVE-2025-43300 involves Image IO, the company's software framework for reading and writing image formats. Processing a malicious image file may result in memory corruption, but the exact nature of this threat is unclear. However, hackers often use memory corruption bugs to manipulate software into running rogue computer code, such as downloading a malicious file.
The description of the threat suggests an elite hacking group, possibly a spyware developer, has been delivering the attack through images secretly rigged with the flaw. These images could be delivered in an email or text message, making it essential for users to exercise caution when receiving unsolicited media attachments.
Apple has released its iOS fix for iPhone models from the XS onwards, as well as patches for iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8. Users can install the security patch by going to Settings > General > Software Update on their device. If automatic updates are enabled, your iPhone or iPad will automatically patch itself.
It's essential for users to stay vigilant in the face of such threats. Remembering that not all emails and text messages are legitimate can help prevent these types of attacks from taking hold. Stay informed with the latest security patches from trusted sources like Apple, and never hesitate to take action when faced with a suspicious message or attachment.
Don't miss out on our latest stories by adding PCMag as a preferred source on Google. Follow us for expert analysis, reviews, and news updates on technology and cybersecurity.