Apple Issues Urgent Update To Fix iPhone, iPad, And Mac Security Vulnerability

Apple has released urgent updates for iPhone, iPad, and Mac to patch a serious security flaw that could allow attackers to install spyware through malicious image files. The company rolled out iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8 on Wednesday, urging users to install them immediately. Apple confirmed that the flaw has already been exploited in targeted attacks against select individuals, underscoring the severity of the vulnerability.

The security issue lies in Apple’s ImageIO framework, which enables devices to process image file formats. Identified as CVE-2025-43300, the flaw is described as an “out-of-bounds write issue” that could lead to memory corruption when a malicious image file is opened. Attackers could exploit this by crafting an image capable of executing unauthorized code, potentially enabling spyware installation without the user’s knowledge. Apple said the vulnerability was fixed by improving bounds checking to prevent corrupted image files from breaching memory protections. Experts have warned that the exploit could be delivered through seemingly harmless images, making the risk especially dangerous.

According to Adam Boynton, senior security strategy manager at mobile device security firm Jamf, the flaw represents a significant risk for high-value individuals. “Apple has indicated that this vulnerability has been exploited in sophisticated, targeted attacks, which typically focus on individuals with highly valued access or contacts, such as journalists, lawyers, activists, and government officials,” he said in a statement to ZDNET. While Apple has not confirmed whether this flaw is linked to spyware campaigns, security researchers note that similar ImageIO and WebKit vulnerabilities have previously been used in Pegasus spyware attacks by NSO Group. Pegasus has been deployed in several controversial campaigns worldwide, often targeting political figures, activists, and journalists, despite NSO Group’s claim that it only sells the tool to governments for law enforcement purposes.

For general users, the risk of compromise remains relatively low, as Apple’s reference to “extremely sophisticated attacks against specific targeted individuals” suggests a limited scope. However, security experts recommend installing the latest updates without delay, as attackers could eventually attempt to broaden the exploit. The updates follow closely after Apple’s iOS 18.6.1 and watchOS 11.6.1 releases, which introduced adjustments to the Blood Oxygen monitoring tool. With iOS 26 and new OS versions expected next month, this emergency update underscores the ongoing challenge Apple faces in securing its devices against advanced spyware campaigns while continuing to patch vulnerabilities before they can be widely abused.
