Apple has issued an emergency security update for iOS 18.6.2 and iPadOS 18.6.2 to address a critical zero-day vulnerability that the company confirms is being actively exploited in sophisticated attacks against targeted individuals.
The update, released on August 20, 2025, patches a severe flaw in the ImageIO component that could allow attackers to execute malicious code through specially crafted image files.
Critical Vulnerability Details
The vulnerability, designated as CVE-2025-43300, represents an out-of-bounds write issue within Apple’s ImageIO framework.
When a device processes a malicious image file, the flaw can trigger memory corruption, potentially allowing attackers to gain unauthorized access to the device.
Apple’s security advisory specifically notes that the company “is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”
| Field | Details |
| CVE ID | CVE-2025-43300 |
| Severity | Critical |
| CVSS Score | Not yet assigned |
| Vulnerability Type | Out-of-bounds write |
| Affected Component | ImageIO |
| Products | iOS 18.6.2, iPadOS 18.6.2 |
The technical nature of this vulnerability makes it particularly dangerous. Out-of-bounds write vulnerabilities occur when software writes data beyond the allocated memory boundaries, potentially overwriting critical system information.
In this case, the flaw affects how iOS and iPadOS handle image processing, a fundamental function that occurs regularly as users view photos, browse websites, or receive multimedia messages.
The security update affects a broad range of Apple devices, including iPhone XS and later models, along with multiple iPad variants.
Specifically, the update covers iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
This extensive device coverage indicates the widespread nature of the vulnerability, affecting millions of users worldwide.
The fact that Apple has confirmed active exploitation elevates the urgency significantly, as it suggests threat actors are already leveraging this flaw in real-world attacks.
Apple addressed the vulnerability through improved bounds checking, a standard defensive programming practice that validates data operations stay within allocated memory limits.
The company’s security document emphasizes their policy of not disclosing security issues until patches are available, reflecting their coordinated disclosure approach.
The terminology “extremely sophisticated attack” suggests this vulnerability may be part of a larger campaign, possibly involving nation-state actors or advanced persistent threat groups targeting high-value individuals. This language is typically reserved for the most serious security incidents.
Security experts strongly recommend that all users with compatible devices install iOS 18.6.2 and iPadOS 18.6.2 immediately.
Given the confirmed active exploitation, delaying the update could leave devices vulnerable to compromise through malicious images delivered via email, messaging apps, or malicious websites.
Users should navigate to Settings > General > Software Update to check for and install the latest version immediately.
Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates!
Source link
