Follow ZDNET: Add us as a favorite source On Google.
Key takeaways of zdnet
- Apple has patched a serious security defect on iPhone, iPad and Mac.
- The patch fixes a defect that may allow an attacker to install spyware.
- The defects in the wild have been exploited against the targeted persons.
I know that you are probably tired of constantly updating your iPhone, iPad, or Mac to fix one problem or another. But so far there is another update that you definitely want to install. And it is expected that this iOS will be the last before 26 and other new OS versions will begin next month.
Too: Changing these iOS 18 settings improved my iPhone battery life considerably
Last Wednesday, Apple rolled out an update for a group of products and versions to solve the safety problem. Impressing iPhones, iPads and MACS, updates include iOS 18.6.2, iPados 18.6.2, iPados 17.7.10, Macos Sequoia 15.6.1, Macos Sonoma 14.7.8, and Macos Ventura 13.7.8.
How to update your Apple device – and why
If you want to cut the chase and update your device quickly, then it is reported here how. On your iPhone or iPad, go to Settings, select General, and tap on the software update. On your Mac, go to the system settings, select the general, and click on the software update. On all platforms, allow to download and install the latest updates.
So what are the updates of tomorrow, and why should you install them asap? They only fix a defect, but it is a serious.
Too: How to clean your iPhone cash (and why you should do it before iOS 26 update)
On its pages for iOS/iPados 18.6.2 And McOS 15.6.1Apple described vulnerability as one that affects it Image -formation And “Memory corruption can occur by processing a malicious image file.” The company said that it is aware of the reports that this defect may have been exploited in the wild in “an extremely sophisticated attack against specific targeted persons”. Identified as “out-of-bounds right issues”, “problem” was fixed through better limit checking. ,
A highly sophisticated attack
Okay, let’s break down to those of you who want Nitty-Gritti details.
Imageio is an apple framework that allows the application to read and write. This shows your device how to process and display photos or other images. “Processing a malicious image file can lead to memory corruption” means that an attacker can take advantage of a defect in the imageos by creating an image designed to corrupt the memory of your device.
The “out-of-bounds right issues” imagio has a real defect, meaning that the attacker can write data outside the memory reserved for a specific program. By exploiting this defect, they could then run malicious codes and even install spyware. To ensure that the malicious image will not be able to enter the venture beyond its assigned memory, it is necessary to fix the problem required to install a “better limit check”.
Too: 5 Apple Products You should definitely not buy this month (and to get 7 instead)
The dangerous part here is that an attacker can target someone through an innocent looking image. This means that just opening image can lead to compromise. Nominated as CVE-2025-43300, defect is further described Its CVE page,
However, the description of Apple’s “an extremely sophisticated attack against specific targeted persons” indicates that most users will not be affected by the issue. Instead, it seems like another attempt by a spyware unit to target government officials, political activists, journalists and other high-profile individuals.
A famous, or notorious, the company is known for launching such campaigns, NSO group. Through its pegasus spyware, the group has been caught exploiting flaws on computer and mobile devices several times to monitor the activities of targeted victims.
The company has argued that it uses its pegasus software only to help the valid law enforcement bodies to go after criminals and terrorists. But Apple has sued the NSO group and is forced to patch any exploited flaws found in its operating system.
Adam Botton, Senior Security Strategy Manager of Mobile device Security Firm Jamf, said, “CVE-2025-43300 can allow an attacker to trigger memory corruption if a user opens a malicious image file, possibly capable of compromise of malicious code execution and iPhone,” Mobile Divisions Security Firm Jamaf’s senior security strategy manager adams Said in ZDNET in an email.
Too: Installed iOS 18.6 on your iPhone? Change these 11 settings for the best experience
“Apple indicated that this vulnerability has been exploited in sophisticated, targeted attacks, which usually focus on individuals with highly valuable access or contact, such as journalists, lawyers, activists, and government officials,” said Boyton. “While Apple has not confirmed whether this specific defect was linked to spyware, the same weaknesses in the image and webkit have been used in the first pegasus campaigns.”
The latest updates come only a few days after the release of iOS 18.6.1 and Watches 11.6.1, which was brought with a new (and non-penetant-infring as expected) of Apple’s blood oxygen monitoring tool.
