Apple Rushes Out Fix for Zero-Day Attack on iPhones, Macs

Don’t miss out on our latest stories. Add PCMag as a preferred source on Google.

It’s time to update again. Apple is warning of a new hack that can target iPhones, iPads, and Macs by using a booby-trapped image.  

On Wednesday, Apple released an emergency patch in iOS 18.6.2 to protect users from the zero-day attack, which leverages a previously unknown flaw in the company’s software. 

“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,” the company wrote in the patch notes. 

Although details are thin, the description of the threat suggests an elite hacking group, possibly a spyware developer, has been delivering the attack through images secretly rigged to abuse the flaw. These images could be delivered in an email or text message.  

The flaw, dubbed CVE-2025-43300, involves Image IO, the company’s software framework for reading and writing image formats. “Processing a malicious image file may result in memory corruption,” the company said without elaborating. 

It was unclear what memory corruption could lead to. However, hackers often use memory corruption bugs to manipulate software into running rogue computer code, like downloading a malicious file. In April, the company patched a similar flaw that used maliciously crafted media files to trigger a memory corruption issue with Core Audio, Apple’s digital audio software framework for iOS and macOS. 

Apple has released its iOS fix for the iPhone XS and later. The patch has also been rolling out in iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8.  

To install the security patch on your iPhone or iPad, go to Settings > General > Software Update. The device will also patch itself if you’ve toggled on automatic updates.

iOS 26 Public Beta: Install and Uninstall Guide

Get Our Best Stories!

Stay Safe With the Latest Security News and Updates

Sign up for our SecurityWatch newsletter for our most important privacy and security stories delivered right to your inbox.

Sign up for our SecurityWatch newsletter for our most important privacy and security stories delivered right to your inbox.

By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.

Thanks for signing up!

Your subscription has been confirmed. Keep an eye on your inbox!

About Michael Kan

Senior Reporter

I’ve been working as a journalist for over 15 years—I got my start as a schools and cities reporter in Kansas City and joined PCMag in 2017.

Read Michael’s full bio

Read the latest from Michael Kan