Less than a week after the release of iOS 18.6.1, Apple released the 18.6.2 update, which is believed to prevent hackers from accessing the device through "malicious image files."

The vulnerability, tracked as CVE-2025-43300, was identified in Apple's Image I/O framework, which handles reading and writing image files on Apple devices. According to the iPhone manufacturer, processing a maliciously crafted image file could lead to memory corruption and allow an attacker to execute malicious code on the device.

Apple stated that the vulnerability was exploited in an "extremely sophisticated attack against specific individuals." The company addressed the issue with iOS 18.6.2 and parallel security patches for macOS Sequoia, Sonoma, and Ventura, released in an unscheduled update late Wednesday.

"For the protection of customers, Apple does not disclose, discuss, or confirm security issues until an investigation has taken place and patches or releases are available," the company wrote on its official support page.

Affected devices and update availability

The iOS 18.6.2 update applies to all iPhone models released since 2018, starting with the iPhone XS, XS Max, XR, and the 2nd and 3rd generation iPhone SE. The patch also extends to Apple's latest devices, including the iPhone 16 and iPhone 16e.

Supported iPad models include the 13-inch iPad Pro, 12.9-inch iPad Pro (2nd generation and later), 11-inch iPad Pro (1st generation and later), 10.5-inch iPad Pro, iPad Air (3rd generation and later), iPad (6th generation and later), and iPad mini (5th generation and later).

The update is also available for Macs running the three latest versions of macOS. The tech giant is urging users not to wait for automatic updates but instead to apply the patch manually, as automatic updates may take time to reach all devices.

How does the flaw in iOS 18.6.1 leave devices vulnerable?

According to some security analysts, this is an out-of-bounds write vulnerability, a class of bug that lets an attacker read or modify parts of the device's memory that the program was never meant to touch.

Pieter Arntz, a former Microsoft consultant and researcher at the cybersecurity company Malwarebytes, explained in a blog post that this vulnerability could allow an attacker to inject and execute code in "inaccessible" memory sections.

"Such a vulnerability in a program allows it to read or write outside the bounds of the sections that the program sets, allowing the attacker to interfere with other sections of memory allocated for more critical functions," he wrote.

Arntz emphasized that adversaries could exploit this flaw by creating a malicious image file that corrupts memory as soon as the device processes it, even without user interaction. He compared the attack to zero-click attacks, where spyware or malware is activated merely by receiving or processing malicious content.

"Processing such a malicious image file would lead to memory corruption," he said. "The memory corruption issue can be exploited to cause a crash for a process or run the attacker’s code."
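To make the bug class Arntz describes concrete, here is an added example that is not part of the original article and has nothing to do with Apple's actual Image I/O code. It uses a constructed toy image format (an assumption: a "IMG1" magic, two 16-bit dimensions, then width*height greyscale bytes) and shows the check a decoder must perform before trusting the dimensions in a file header. A decoder that skips the check marked "Key check" and loops over width*height anyway reads past the end of the file buffer and writes past the end of its pixel buffer, which is exactly the memory corruption the quoted analysts describe. The function names and sample files are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed toy format (an assumption, not Image I/O): an 8-byte header of
 * magic "IMG1", little-endian uint16 width, little-endian uint16 height,
 * followed by width*height bytes of 8-bit greyscale pixels. */
#define HDR_LEN 8u

typedef struct {
    uint16_t width;
    uint16_t height;
    size_t   pixel_count;   /* width * height, computed in size_t */
} img_header;

static uint16_t rd16le(const uint8_t *p)
{
    return (uint16_t)(p[0] | ((uint16_t)p[1] << 8));
}

/* Validate the header against the bytes actually present.
 * Returns 0 on success, -1 if the header is malformed or the declared
 * dimensions promise more pixel data than the file contains. */
int parse_header(const uint8_t *buf, size_t len, img_header *out)
{
    if (buf == NULL || out == NULL || len < HDR_LEN)
        return -1;
    if (memcmp(buf, "IMG1", 4) != 0)
        return -1;
    uint16_t w = rd16le(buf + 4);
    uint16_t h = rd16le(buf + 6);
    if (w == 0 || h == 0)
        return -1;
    /* 65535 * 65535 < 2^32, so this product cannot overflow a 32-bit size_t. */
    size_t count = (size_t)w * (size_t)h;
    /* Key check: the file must really carry `count` pixel bytes. Trusting the
     * header and copying `count` bytes anyway is the out-of-bounds pattern. */
    if (len - HDR_LEN < count)
        return -1;
    out->width = w;
    out->height = h;
    out->pixel_count = count;
    return 0;
}

/* Copy the pixel data into out_buf without ever exceeding out_cap.
 * Returns bytes written, or -1 if the header is rejected or out_buf is too small. */
long decode_pixels(const uint8_t *buf, size_t len, uint8_t *out_buf, size_t out_cap)
{
    img_header hdr;
    if (parse_header(buf, len, &hdr) != 0)
        return -1;
    if (out_buf == NULL || hdr.pixel_count > out_cap)   /* output-side bound */
        return -1;
    memcpy(out_buf, buf + HDR_LEN, hdr.pixel_count);
    return (long)hdr.pixel_count;
}

/* Constructed sample: a well-formed 4 x 2 image with 8 pixel bytes. */
static const uint8_t good_image[] = {
    'I','M','G','1', 0x04,0x00, 0x02,0x00,
    10,20,30,40, 50,60,70,80
};
/* Constructed sample: header claims 65535 x 65535 pixels, only 4 bytes follow. */
static const uint8_t crafted_image[] = {
    'I','M','G','1', 0xFF,0xFF, 0xFF,0xFF,
    0xAA,0xBB,0xCC,0xDD
};

long demo_decode_good(void)
{
    uint8_t out[16];
    return decode_pixels(good_image, sizeof good_image, out, sizeof out);
}

long demo_decode_crafted(void)
{
    uint8_t out[16];
    return decode_pixels(crafted_image, sizeof crafted_image, out, sizeof out);
}

/* A valid file whose image is larger than the caller's buffer must also be refused. */
long demo_decode_small_output(void)
{
    uint8_t out[4];
    return decode_pixels(good_image, sizeof good_image, out, sizeof out);
}

int main(void)
{
    printf("good image:     %ld bytes decoded\n", demo_decode_good());
    printf("crafted image:  %ld (rejected)\n", demo_decode_crafted());
    printf("small output:   %ld (rejected)\n", demo_decode_small_output());
    return 0;
}
```

The two bounds checks are independent: the first compares the declared size against the input actually received, the second against the capacity of the destination buffer. Real image decoders face the same pair of questions for every dimension, stride and chunk length they read from untrusted input, which is why parsers of complex formats are such frequent sources of memory-safety bugs.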

Apple has acknowledged that it received reports of the vulnerability being used in targeted attacks against certain individuals, but did not identify the victims.

Sean Wright, head of application security at Featurespace, believes that the exploitation is too complex to deploy on a large scale.

"Fortunately, the attack appears to be complex and likely only exploitable in a very specific attack, so most average users are unlikely to become victims," Wright told Forbes. "But I still highly recommend applying the patch as soon as possible to ensure safety."
