Apple released iOS and iPadOS 18.6.2 on Wednesday to fix a critical zero-day vulnerability known as CVE-2025-43300. The flaw had already been exploited in a sophisticated attack targeting specific users.
The issue stemmed from Apple’s ImageIO framework, which handles image files across iPhones and iPads. A malicious image could trigger an out-of-bounds memory write, allowing remote code execution. Apple resolved the problem by improving bounds checking and confirmed credible reports of targeted exploitation.
This type of vulnerability has previously been used by spyware vendors working with authoritarian regimes to monitor journalists, activists, and opposition figures. Apple’s approach of releasing patches before disclosing details remains consistent.
The update is available for iPhone XS and newer, and iPads including the 3rd-gen iPad Pro, iPad 7th generation, and later models. The attack’s use of image files underscores how stealthy and widespread modern threats have become, especially when embedded in everyday digital content.
Apple’s quick response may have neutralized this threat, but the incident reflects the ongoing battle between tech companies and advanced attackers seeking to exploit common device features.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
