Apple Issues Emergency Patch for Zero-Day Flaw on iPhones and Macs

Apple has rolled out an emergency software update to address a newly discovered security flaw that targets iPhones, iPads, and Macs. The vulnerability, tracked as CVE-2025-43300, allows attackers to exploit Apple’s Image IO framework by sending booby-trapped image files.

The company released iOS 18.6.2 on Wednesday to patch the issue, warning users that the flaw may have already been used in “an extremely sophisticated attack against specific targeted individuals.”

According to Apple, maliciously crafted image files can trigger a memory corruption bug inside Image IO, the software responsible for reading and writing image formats. While Apple did not provide technical details, memory corruption flaws are often exploited to run rogue code on devices—sometimes leading to spyware installation or remote access.

The images could potentially be delivered through emails or text messages, making the attack difficult for victims to detect. Security researchers believe this kind of method is typically linked to spyware developers or elite hacking groups.

Previous Vulnerabilities and Patch Details

Apple has faced similar issues before. In April, the company patched another zero-day bug tied to Core Audio, which also relied on malicious media files to corrupt memory.

The new fix applies to multiple platforms:

• iOS 18.6.2 for iPhone XS and later
• iPadOS 18.6.2 and 17.7.10
• macOS Sequoia 15.6.1
• macOS Sonoma 14.7.8
• macOS Ventura 13.7.8

Users can install the update by navigating to Settings > General > Software Update. Devices with automatic updates enabled will patch themselves.

Featured image credit: Wikimedia Commons

For more stories like it, click the +Follow button at the top of this page to follow us.