Update your iPhone, iPad, and Mac ASAP to fix this dangerous security flaw - here's why

Aug, 21, 2025 Hi-network.com
Install this update for your iPhone, iPad, and Mac to fix a serious security flaw
Elyse Betters Picaro /

Key takeaways

  • Apple has patched a serious security flaw on iPhone, iPad, and Mac.
  • Patch fixes a flaw that could allow an attacker to install spyware.
  • The flaw has been exploited in the wild against targeted individuals.


I know you're probably tired of constantly updating your iPhone, iPad, or Mac to fix one issue or another. But there's yet another update that you'll definitely want to install. And hopefully this will be the last one before iOS 26 and the other new OS versions debut next month.

On Wednesday, Apple rolled out updates for a slew of products and versions to resolve a security issue. Affecting iPhones, iPads, and Macs, the updates include iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, MacOS Sequoia 15.6.1, MacOS Sonoma 14.7.8, and MacOS Ventura 13.7.8.

How to update your Apple device - and why

If you want to cut to the chase and quickly update your device, here's how. On your iPhone or iPad, go to Settings, select General, and tap Software Update. On your Mac, head to System Settings, select General, and click Software Update. On all platforms, allow the latest update to download and install.

So what do yesterday's updates carry, and why should you install them ASAP? They fix only one flaw, but it's a serious one.

On its pages for iOS/iPadOS 18.6.2 and MacOS 15.6.1, Apple described the vulnerability as one that affects its ImageIO framework and that "processing a malicious image file may result in memory corruption." The company added that it's aware of reports that this flaw may have been exploited in the wild in "an extremely sophisticated attack against specific targeted individuals." Identified as an "out-of-bounds write issue," the problem was fixed through "improved bounds checking."

An extremely sophisticated attack

OK, let's break that down for those of you who want the nitty gritty details.

ImageIO is an Apple framework that lets applications read and write most image file formats. This lets your device know how to process and display a photo or other image. "Processing a malicious image file may result in memory corruption" means that an attacker could exploit a flaw in ImageIO by creating an image designed to corrupt your device's memory.

The "out-of-bounds write issue" is the actual flaw in ImageIO, which means that the attacker could write data outside of the memory reserved for a specific program. By exploiting this flaw, they could then run malicious code and even install spyware. Fixing the issue required Apple to set up "improved bounds checking" to ensure that the malicious image wouldn't be able to venture beyond its assigned memory.
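
To make the bug class concrete, here is an added illustration in C. It is not Apple's ImageIO code and not the actual CVE-2025-43300 defect, whose details the advisory does not give. It decodes a made-up run-length image format and shows the kind of bounds check that keeps sizes read from a file from writing past a buffer; the format, function names and sample bytes are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed toy format (not a real image format, not Apple's code):
 * bytes 0-1 width, bytes 2-3 height (little-endian), one byte per pixel,
 * followed by run-length pairs (count, value). */
enum { DEC_OK = 0, DEC_TRUNCATED = -1, DEC_BAD_DIMS = -2, DEC_OVERRUN = -3 };

int decode_rle(const uint8_t *in, size_t in_len, uint8_t *out, size_t out_cap)
{
    if (in_len < 4) return DEC_TRUNCATED;
    size_t w = (size_t)in[0] | ((size_t)in[1] << 8);
    size_t h = (size_t)in[2] | ((size_t)in[3] << 8);
    /* Header fields come from the file, so check them against the buffer
     * really allocated. w, h are 16-bit, so w * h fits a 32-bit size_t. */
    if (w == 0 || h == 0 || w * h > out_cap) return DEC_BAD_DIMS;
    size_t need = w * h, n = 0;
    for (size_t i = 4; n < need; i += 2) {
        if (in_len - i < 2) return DEC_TRUNCATED;
        size_t count = in[i];
        /* The bounds check: without it, a run longer than the space left
         * would be written past the end of `out`. */
        if (count > need - n) return DEC_OVERRUN;
        memset(out + n, in[i + 1], count);
        n += count;
    }
    return DEC_OK;
}

/* Constructed samples: 2x2 images; SAMPLE_BAD's last run claims 5 pixels. */
static const uint8_t SAMPLE_OK[]  = {2, 0, 2, 0, 3, 0xAA, 1, 0xBB};
static const uint8_t SAMPLE_BAD[] = {2, 0, 2, 0, 3, 0xAA, 5, 0xBB};

/* Decodes into 4 bytes plus a guard byte; returns 1 if the guard changed. */
int decode_sample(const uint8_t *in, size_t in_len)
{
    uint8_t buf[5] = {0, 0, 0, 0, 0x5A};
    int rc = decode_rle(in, in_len, buf, 4);
    return buf[4] == 0x5A ? rc : 1;
}

int main(void)
{
    printf("ok=%d bad=%d\n", decode_sample(SAMPLE_OK, sizeof SAMPLE_OK),
           decode_sample(SAMPLE_BAD, sizeof SAMPLE_BAD));
    return 0;
}
```

The malformed sample is rejected with an error code instead of being written into memory next to the image buffer, which is the effect "improved bounds checking" describes.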

The dangerous part here is that an attacker could target someone through a seemingly innocent-looking image. This means that just opening the image could have led to compromise. Designated as CVE-2025-43300, the flaw is further described on its CVE page.

However, Apple's description of "an extremely sophisticated attack against specific targeted individuals" indicates that most users wouldn't likely be impacted by this issue. Instead, this sounds like another attempt by a spyware entity targeting government officials, political activists, journalists, and other high-profile individuals.

One famous, or infamous, company known to launch these types of campaigns is NSO Group. Through its Pegasus spyware, the group has been caught several times exploiting flaws on computers and mobile devices to monitor the activities of targeted victims.

The company has argued that it uses its Pegasus software only to help legitimate law enforcement bodies go after criminals and terrorists. But Apple has sued NSO Group and been forced to patch any exploited flaws found in its operating system. 

"CVE-2025-43300 could allow an attacker to trigger memory corruption if a user opens a malicious image file, potentially enabling malicious code execution and compromise of the iPhone," Adam Boynton, senior security strategy manager of mobile device security firm Jamf, said in an email to .

"Apple has indicated that this vulnerability has been exploited in sophisticated, targeted attacks, which typically focus on individuals with highly valued access or contacts, such as journalists, lawyers, activists, and government officials," Boynton added. "While Apple has not confirmed whether this specific flaw was linked to spyware, similar vulnerabilities in ImageIO and WebKit have previously been used in Pegasus campaigns."

The latest updates come just a few days after the release of iOS 18.6.1 and WatchOS 11.6.1, which brought with them a new (and hopefully non-patent-infringing) version of Apple's Blood Oxygen monitoring tool.
