Apple Releases Urgent Security Update for an Actively Exploited Image-Parsing Flaw
Apple has rolled out an emergency security update for iPhones, iPads, and Macs to fix a critical flaw that attackers are already exploiting in the wild. The vulnerability is particularly dangerous because it is triggered by the device processing a specially crafted image file, so a victim may need to do nothing more than receive or view a picture for memory corruption to occur, with no visible sign that anything is wrong.
Apple says it is aware of a report that the issue "may have been exploited in an extremely sophisticated attack against specific targeted individuals." That phrasing usually means the initial targets are high-value individuals such as journalists, activists, or officials, but once a flaw of this kind is public and the patch can be diffed, it can be adopted by a much wider range of criminals. The urgency of the patch means every user should treat the threat seriously and update immediately.
What Is the Flaw and How Does It Work?
The bug, tracked as CVE-2025-43300, is in the ImageIO framework, a core part of iOS, iPadOS, and macOS that parses and decodes most of the image formats any app on the device can display. Because so many apps, from Messages to Safari, hand image data to ImageIO automatically, a flaw in it can be reached without the user ever explicitly opening a file. The flaw is an "out-of-bounds write," a class of memory corruption bug.
Think of your device's memory as a series of labeled boxes, each meant to hold a specific piece of information. When your device processes a normal picture, the pixel data goes into the box reserved for it. This vulnerability lets a malicious image write data outside its assigned box, scribbling over nearby boxes that hold other data the program depends on, such as pointers and control information. At minimum this crashes the app; in the worst case it lets an attacker redirect the program into code of their own choosing and take control of the device.
Apple stated that its own security teams discovered the issue and fixed it with "improved bounds checking." In the box analogy, that means the decoder now checks, before writing a single byte, that the amount of data the image claims to contain actually fits in the box it has been given, and refuses the image if it does not. The check closes the loophole attackers were exploiting.
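To make the two paragraphs above concrete, here is an added illustration (not Apple's code and not the actual CVE-2025-43300 bug) of a toy image decoder with exactly this kind of out-of-bounds write, placed beside the same decoder with bounds checking on the destination. The file format, the 16-byte "pixel box," the simulated memory arena, and all function names are invented for the example; the crafted input is constructed so that its spill stays inside the simulated arena, so the program runs safely and shows the neighbouring data being overwritten.

```c
/* Added illustration, not Apple's code: a toy image decoder with the kind of
 * out-of-bounds write described above, beside the same decoder with bounds
 * checking on the destination. The format, sizes and names are invented. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PIXEL_CAPACITY 16   /* the "box" reserved for pixel data */
#define ARENA_SIZE     32   /* pixel box followed by a neighbouring box */
#define CANARY         0xAA /* fill pattern so corruption is visible */

/* Toy file layout (constructed): [width:1 byte][height:1 byte][width*height pixel bytes] */

/* Vulnerable decoder: sizes the write from header fields the attacker controls.
 * The only check is that the file holds enough bytes to read; nothing checks
 * that the destination box can hold them, so a 4x6 image spills 8 bytes past it. */
int decode_vulnerable(const uint8_t *file, size_t len, uint8_t *mem)
{
    if (len < 2) return -1;
    size_t w = file[0], h = file[1];
    size_t n = w * h;                     /* attacker-controlled length */
    if (len - 2 < n) return -1;           /* guards the read, not the write */
    memcpy(mem, file + 2, n);             /* writes n bytes into a 16-byte box */
    return 0;
}

/* Hardened decoder ("improved bounds checking"): rejects dimensions whose product
 * would wrap (this matters for real formats with 32-bit fields) and any pixel
 * count larger than the box, before a single byte is written. */
int decode_fixed(const uint8_t *file, size_t len, uint8_t *mem)
{
    if (len < 2) return -1;
    size_t w = file[0], h = file[1];
    if (w == 0 || h == 0) return -1;
    if (w > SIZE_MAX / h) return -1;      /* w*h would overflow size_t */
    size_t n = w * h;
    if (n > PIXEL_CAPACITY) return -1;    /* the bounds check the bug lacked */
    if (len - 2 < n) return -1;
    memcpy(mem, file + 2, n);
    return 0;
}

/* Build a constructed sample file of w x h pixels filled with 'fill'. Returns its length. */
static size_t build_image(uint8_t *out, size_t cap, uint8_t w, uint8_t h, uint8_t fill)
{
    size_t n = 2 + (size_t)w * h;
    if (cap < n) return 0;
    out[0] = w; out[1] = h;
    memset(out + 2, fill, n - 2);
    return n;
}

/* Decode into a simulated memory arena and report whether any byte beyond the
 * pixel box changed. 'rc' receives the decoder's return value. */
static int run_decoder(int (*decode)(const uint8_t *, size_t, uint8_t *),
                       const uint8_t *file, size_t len, int *rc)
{
    uint8_t mem[ARENA_SIZE];
    memset(mem, CANARY, sizeof mem);
    *rc = decode(file, len, mem);
    for (size_t i = PIXEL_CAPACITY; i < ARENA_SIZE; i++)
        if (mem[i] != CANARY) return 1;   /* neighbouring box was overwritten */
    return 0;
}

/* The crafted image claims 4x6 = 24 pixels, 8 more than the box holds. It is
 * sized so the spill lands in the arena's neighbouring box rather than past the
 * arena itself, which keeps the demonstration free of real undefined behaviour. */
int vulnerable_spills(void)
{
    uint8_t f[64]; int rc;
    size_t n = build_image(f, sizeof f, 4, 6, 0x41);
    return run_decoder(decode_vulnerable, f, n, &rc) == 1 && rc == 0;
}

/* The hardened decoder refuses the same image and leaves the neighbour untouched. */
int fixed_rejects_crafted(void)
{
    uint8_t f[64]; int rc;
    size_t n = build_image(f, sizeof f, 4, 6, 0x41);
    return run_decoder(decode_fixed, f, n, &rc) == 0 && rc == -1;
}

/* A well-formed 4x4 image (exactly 16 pixels) still decodes normally. */
int fixed_accepts_benign(void)
{
    uint8_t f[64]; int rc;
    size_t n = build_image(f, sizeof f, 4, 4, 0x41);
    return run_decoder(decode_fixed, f, n, &rc) == 0 && rc == 0;
}

int main(void)
{
    printf("vulnerable decoder spills past the box:    %d\n", vulnerable_spills());
    printf("fixed decoder rejects the crafted image:   %d\n", fixed_rejects_crafted());
    printf("fixed decoder accepts a well-formed image: %d\n", fixed_accepts_benign());
    return 0;
}
```

The point of the `SIZE_MAX / h` line is a caveat the analogy hides: a decoder that checks `w * h <= capacity` but lets the multiplication wrap around first is still exploitable, because a huge width and height can multiply to a small number that passes the check while the decode loop later writes the real amount. Real bounds checking validates the inputs to the size calculation, not just its result.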
Who Needs to Update Immediately?
Given that this vulnerability is being actively used in the wild, it is crucial to install the updates as soon as possible. Apple has released patches for a wide range of its current and older operating systems.
For newer devices, the update to look for is iOS 18.6.2 on iPhone and iPadOS 18.6.2 on iPad. The iOS patch covers the iPhone XS and all later models. The iPadOS patch covers the 13-inch iPad Pro, the 12.9-inch iPad Pro (3rd generation and newer), the 11-inch iPad Pro (1st generation and newer), the iPad Air (3rd generation and newer), the standard iPad (7th generation and newer), and the iPad mini (5th generation and newer). For older iPads that cannot run iPadOS 18, Apple has also released iPadOS 17.7.10 for the 12.9-inch iPad Pro (2nd generation), the 10.5-inch iPad Pro, and the 6th generation iPad.
Mac users are also at risk and have several updates available depending on their operating system. If you’re running macOS Ventura, you’ll need to update to version 13.7.8. For those on macOS Sonoma, the correct patch is version 14.7.8. Finally, users on the newest macOS Sequoia should install version 15.6.1 to be protected.
A Troubling Pattern of Zero-Day Attacks
This marks the seventh "zero-day" vulnerability Apple has patched since the beginning of the year. A zero-day is a flaw that attackers are exploiting before the vendor has a fix available; the name refers to the vendor having had "zero days" to prepare a defense by the time the attacks begin, which is why such bugs are patched under emergency conditions rather than in a scheduled release.
This consistent stream of high-stakes security threats highlights the ongoing and relentless efforts by attackers to find weaknesses in some of the world’s most popular devices. Just last month, Apple had to fix another zero-day flaw in its Safari web browser that was first found being exploited against Google Chrome users, showing how vulnerabilities in shared, open-source components can have a widespread impact across the tech industry. While the perpetrators and specific targets of this latest image-based attack remain unknown, the message to the public is clear: keeping your software updated is one of the most important things you can do to protect your digital life.