Update Aug. 21 at 09:35am EDT: This article, originally published at 03:20am, has been updated to add expert insight into the issue fixed in iOS 18.6.2.
Apple has released iOS 18.6.2, along with a warning to update your iPhone now. That’s because iOS 18.6.2 comes with a single fix for a serious hole already being used in real-life attacks.
Apple doesn’t give much detail about what’s fixed in iOS 18.6.2, to give people as much time to update as possible.
Tracked as CVE-2025-43300, the flaw patched in iOS 18.6.2 is an issue in ImageIO, the framework that allows applications to read and write most image file formats. It could result in memory corruption if a user processes a malicious image.
“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,” the iPhone maker wrote on its support page.
Memory corruption can result in data in the device’s storage being altered in unintended ways, which attackers “can then exploit to make apps crash or even run malicious code,” says Jake Moore, global cybersecurity advisor at ESET.
About The Issue Patched In iOS 18.6.2
The release of iOS 18.6.2 comes just three weeks after iOS 18.6 fixed a hefty list of 29 vulnerabilities. While Apple doesn’t say so explicitly, it appears that the issue patched in iOS 18.6.2 could have been used in spyware campaigns — possibly by a nation state adversary.
Spyware typically targets users via a zero-click attack. This sees an attacker send an image via a service such as iMessage or WhatsApp, which will download the malware onto a person’s iPhone without any interaction.
Once spyware is on your device, it’s very difficult to mitigate and the malware is able to see and hear everything you do on screen — even via end-to-end encrypted channels such as WhatsApp and Signal.
Apple’s iOS 18.6.2 addresses a zero-day flaw that can use a malicious image file to trigger memory corruption, enabling unauthorised access and malicious code execution on the device, confirms Sylvain Cortes, VP strategy at Hackuity. This opens the door to so-called zero-click attacks, where a simple malicious message could let attackers run code without any action from the victim, Cortes says.
The flaw fixed in iOS 18.6.2 could allow an attacker to trigger memory corruption if a user opens a malicious image file, potentially enabling malicious code execution and compromise of the iPhone, says Adam Boynton, senior security strategy manager EMEIA at Jamf.
While Apple has not confirmed whether this specific flaw was linked to spyware, similar vulnerabilities in ImageIO and WebKit have previously been used in campaigns using the Pegasus variant, he says. “Even though the exploitation appears targeted, we recommend that all users update to iOS 18.6.2 immediately, particularly those in industries most at risk of spyware attacks.”
Why You Should Update to iOS 18.6.2 Now
With this in mind, it’s important to update to iOS 18.6.2 now. Moore advises updating your iPhone “immediately” to remain protected.
It’s better to download and install iOS 18.6.2 manually, as it can take time to reach every iPhone user’s device.
Keep in mind that spyware is very targeted against a subset of people such as dissidents, journalists and businesses in certain sectors. But since the flaw fixed in iOS 18.6.2 has already been used in attacks, it’s still important to update your device as it could be used more broadly.
It is especially key that business and public sector users are on the lookout for iOS 18.6.2, Cortes warns. “Organizations handling Apple devices need to be able to identify and update all affected devices immediately, especially if they operate in at-risk fields like the legal, media and public sectors.”
Apple’s iOS 18.6.2 and iPadOS 18.6.2 are available for the iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
Apple iOS and iPadOS 18.6.2 were issued alongside iPadOS 17.7.10 for older devices, fixing the same flaw.
So, what are you waiting for? Go to Settings > General > Software Update and download and install iOS 18.6.2 on your iPhone now.