Update Aug. 22, 2025: This article, originally published on Aug. 21, has been updated to add analysis of the issue fixed in iOS 18.6.2.
Apple has released iOS 18.6.2, along with a warning to update your iPhone now. That’s because iOS 18.6.2 comes with a single fix for a serious hole already being used in real-life attacks.
Apple doesn’t give much detail about what’s fixed in iOS 18.6.2, to give people as much time to update as possible.
Tracked as CVE-2025-43300, the flaw patched in iOS 18.6.2 is an issue in Image I/O, the framework that lets applications read and write most image file formats, and it could result in memory corruption if a user processes a malicious image.
“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,” the iPhone maker wrote on its support page.
Memory corruption means data held in the device’s memory is altered in unintended ways, which attackers “can then exploit to make apps crash or even run malicious code,” says Jake Moore, global cybersecurity advisor at ESET.
About The Issue Patched In iOS 18.6.2
The release of iOS 18.6.2 comes just three weeks after iOS 18.6 fixed a hefty list of 29 vulnerabilities. While Apple doesn’t say so explicitly, it appears that the issue patched in iOS 18.6.2 could have been used in spyware campaigns — possibly by a nation state adversary.
Spyware typically reaches users via a zero-click attack: an attacker sends a crafted image via a service such as iMessage or WhatsApp, and simply receiving it installs the malware on a person’s iPhone without any interaction from the victim.
Once spyware is on your device, it’s very difficult to mitigate and the malware is able to see and hear everything you do on screen — even via end-to-end encrypted channels such as WhatsApp and Signal.
Apple’s iOS 18.6.2 addresses a zero-day flaw that can use a malicious image file to trigger memory corruption, enabling unauthorised access and malicious code execution on the device, confirms Sylvain Cortes, VP strategy at Hackuity. This opens the door to so-called zero-click attacks, where a simple malicious message could let attackers run code without any action from the victim, Cortes says.
The flaw fixed in iOS 18.6.2 could allow an attacker to trigger memory corruption if a user opens a malicious image file, potentially enabling malicious code execution and compromise of the iPhone, says Adam Boynton, senior security strategy manager EMEIA at Jamf.
While Apple has not confirmed whether this specific flaw was linked to spyware, similar vulnerabilities in ImageIO and WebKit have previously been used in campaigns using the Pegasus variant, he says. “Even though the exploitation appears targeted, we recommend that all users update to iOS 18.6.2 immediately, particularly those in industries most at risk of spyware attacks.”
How The Attack Using The iOS 18.6.2 Flaw Works
Pieter Arntz, a researcher at security outfit Malwarebytes, has written a blog post analysing the flaw patched in iOS 18.6.2. The post describes how the Image I/O framework is the part of macOS that “does the heavy lifting whenever an app needs to open or save a picture.”
“An out-of-bounds write vulnerability means that the attacker can manipulate parts of the device’s memory that should be out of their reach,” Arntz says. “Such a flaw in a program allows it to read or write outside the bounds the program sets, enabling attackers to manipulate other parts of the memory allocated to more critical functions. Attackers can write code to a part of the memory where the system executes it with permissions that the program and user should not have.”
Arntz describes how an attacker could construct an image to exploit the vulnerability, much as zero-click spyware attacks are delivered. “Processing such a malicious image file would result in memory corruption. Memory corruption issues can be manipulated to crash a process or run attacker’s code.”
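To make the out-of-bounds write Arntz describes concrete, here is an added example in C; it is not code from Apple, from Image I/O or from the Malwarebytes post, and the toy image format, the decoder limit and the sample headers are assumptions made up for illustration. It shows the classic root cause of this bug class: a decoder that sizes its pixel buffer from an unchecked 32-bit width-by-height product, which silently wraps for a crafted header, set beside a hardened parser that bounds every header field against the data actually present before it copies anything.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed toy image format (not any real format):
 *   bytes 0..3   magic "TIMG"
 *   bytes 4..7   width,  little-endian uint32
 *   bytes 8..11  height, little-endian uint32
 *   bytes 12..   width * height pixel bytes, one byte per pixel */
#define TIMG_HDR_LEN 12
#define TIMG_MAX_DIM 16384u          /* assumed per-axis decoder limit */

enum timg_status { TIMG_OK = 0, TIMG_BAD_MAGIC, TIMG_BAD_DIMS, TIMG_TRUNCATED, TIMG_NOMEM };

struct timg { uint32_t width, height; uint8_t *pixels; };

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void put_le32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* The defect pattern: a 32-bit product wraps silently, so a decoder that sizes its
 * buffer this way allocates far less than the pixel data it then writes into it. */
uint32_t unchecked_pixel_bytes(uint32_t w, uint32_t h) {
    return w * h;
}

/* Hardened: bounded dimensions and an overflow-safe product. Returns 0 on rejection,
 * which is unambiguous because zero-sized images are rejected as well. */
size_t checked_pixel_bytes(uint32_t w, uint32_t h) {
    if (w == 0 || h == 0 || w > TIMG_MAX_DIM || h > TIMG_MAX_DIM) return 0;
    if ((size_t)h > SIZE_MAX / (size_t)w) return 0;   /* product would overflow size_t */
    return (size_t)w * (size_t)h;
}

/* Every field is validated before any write: the header may not promise more than the buffer holds. */
enum timg_status timg_parse(const uint8_t *buf, size_t len, struct timg *out) {
    if (len < TIMG_HDR_LEN || memcmp(buf, "TIMG", 4) != 0) return TIMG_BAD_MAGIC;
    uint32_t w = rd_le32(buf + 4), h = rd_le32(buf + 8);
    size_t need = checked_pixel_bytes(w, h);
    if (need == 0) return TIMG_BAD_DIMS;
    if (len - TIMG_HDR_LEN < need) return TIMG_TRUNCATED;   /* declared size exceeds data present */
    uint8_t *px = malloc(need);
    if (!px) return TIMG_NOMEM;
    memcpy(px, buf + TIMG_HDR_LEN, need);                   /* bounded by both checks above */
    out->width = w; out->height = h; out->pixels = px;
    return TIMG_OK;
}

void timg_free(struct timg *img) { free(img->pixels); img->pixels = NULL; }

/* Constructed samples: 0 = valid 2x2 image; 1 = header claims 100x100 but only
 * 4 pixel bytes follow; 2 = header claims 65536x65537, whose product wraps in 32 bits. */
enum timg_status parse_sample(int which) {
    uint8_t buf[TIMG_HDR_LEN + 4];
    uint32_t w = 2, h = 2;
    if (which == 1) { w = 100; h = 100; }
    if (which == 2) { w = 65536u; h = 65537u; }
    memcpy(buf, "TIMG", 4);
    put_le32(buf + 4, w);
    put_le32(buf + 8, h);
    memset(buf + TIMG_HDR_LEN, 0x7f, 4);
    struct timg img = { 0, 0, NULL };
    enum timg_status st = timg_parse(buf, sizeof buf, &img);
    timg_free(&img);
    return st;
}

int main(void) {
    static const char *name[] = { "ok", "bad magic", "bad dims", "truncated", "no memory" };
    for (int i = 0; i < 3; i++)
        printf("sample %d -> %s\n", i, name[parse_sample(i)]);
    printf("unchecked 65536*65537 = %u bytes, checked = %zu (0 = rejected)\n",
           unchecked_pixel_bytes(65536u, 65537u), checked_pixel_bytes(65536u, 65537u));
    return 0;
}
```

The unchecked product for the third sample comes out as 65536 bytes, while the real pixel payload the header promises is over 4 GB; a decoder that trusted that number would write far past its allocation, which is exactly the condition an out-of-bounds write bug describes. The hardened parser rejects that header on dimensions alone and rejects the second sample because the file is shorter than its header claims, so nothing is ever copied that was not checked against both the format's limits and the bytes actually received.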
Apple has acknowledged reports that attackers may have already used this flaw in a highly sophisticated operation aimed at specific, high‑value targets.
“But history teaches us that once a patch goes out, attackers waste little time recycling the same vulnerability into broader, more opportunistic campaigns,” Arntz warns. “What starts as a highly targeted campaign often trickles down into mass exploitation against everyday users. That’s why it’s important that everyone takes the time to update now.”
iOS 18.6.2 — How To Check Your iPhone For Spyware
Attacks using the vulnerability fixed in iOS 18.6.2 are aimed at a limited group. In the past, spyware has been used against dissidents, journalists and public sector workers — as well as businesses operating in certain sectors.
It’s difficult to tell if spyware is already on your iPhone, but signs include the device running very slowly or overheating. You can also use tools such as the app iVerify, which claims it can detect spyware on your iPhone.
If you do suspect a spyware attack, the malware can sometimes be disrupted by restarting your iPhone, but note this is a temporary fix. The only way to really get rid of spyware is to stop using your iPhone altogether. Groups such as Amnesty and Access Now offer help for human rights defenders targeted by spyware.
Why You Should Update to iOS 18.6.2 Now
The flaw fixed in this latest iPhone update is serious, so it’s important to update to iOS 18.6.2 now. Moore advises updating your iPhone “immediately” to remain protected.
The fact that the issue patched in iOS 18.6.2 is actively being exploited points to the importance of applying the update, says Sean Wright, head of application security at Featurespace. “Thankfully, the exploit does appear to be complex and likely only exploited in a very targeted attack, so most ordinary users are unlikely to become a victim. But I would still highly recommend applying the fix as soon as possible to be on the safe side.”
It’s better to download and install iOS 18.6.2 manually, as the automatic rollout can take time to reach every iPhone user’s device.
Keep in mind that spyware is very targeted against a subset of people. But since the flaw fixed in iOS 18.6.2 has already been used in attacks, it’s still important to update your device as it could be used more broadly.
It is especially key that business and public sector users are on the lookout for iOS 18.6.2, Cortes warns. “Organizations handling Apple devices need to be able to identify and update all affected devices immediately, especially if they operate in at-risk fields like the legal, media and public sectors.”
Apple’s iOS 18.6.2 and iPadOS 18.6.2 are available for the iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
Apple iOS 18.6.2 was issued alongside iPadOS 17.7.10 for the iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation, fixing the same flaw.
Apple has also released macOS Sequoia 15.6.1, macOS Sonoma 14.7.8 and macOS Ventura 13.7.8 for Mac devices.
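Cortes’ point that organisations need to identify every affected device quickly is easy to get wrong with a plain string comparison, so here is an added example (not a tool from Apple, Jamf or Hackuity) that checks an inventory against the fixed builds listed above. It compares versions numerically, so 18.6.10 correctly sorts after 18.6.2, and flags any device on a release line the article lists no fixed build for, so it gets reviewed rather than silently passed. The inventory rows are constructed sample data, and the mapping of OS lines to fixed builds is taken from the version numbers in this article.

```c
#include <stdio.h>
#include <string.h>

/* Parse "major.minor.patch" into v[3]; omitted components count as 0.
 * Returns 1 on success, 0 if the string is not a dotted number. */
int parse_version(const char *s, int v[3]) {
    v[0] = v[1] = v[2] = 0;
    for (int i = 0; i < 3; i++) {
        if (*s < '0' || *s > '9') return 0;       /* each component must start with a digit */
        int n = 0;
        while (*s >= '0' && *s <= '9') n = n * 10 + (*s++ - '0');
        v[i] = n;
        if (*s == '\0') return 1;
        if (*s != '.') return 0;
        s++;
    }
    return 0;                                      /* trailing dot or a fourth component */
}

/* Numeric comparison, so 18.6.10 sorts after 18.6.2 (strcmp would get this wrong).
 * Returns <0, 0, >0 like strcmp; malformed input is treated as 0.0.0. */
int version_cmp(const char *a, const char *b) {
    int va[3], vb[3];
    parse_version(a, va);
    parse_version(b, vb);
    for (int i = 0; i < 3; i++)
        if (va[i] != vb[i]) return va[i] < vb[i] ? -1 : 1;
    return 0;
}

/* Fixed builds named in the article, keyed by OS and major version (release line). */
struct fixed_build { const char *os; int major; const char *fixed; };
static const struct fixed_build FIXED[] = {
    { "iOS",    18, "18.6.2"  },
    { "iPadOS", 18, "18.6.2"  },
    { "iPadOS", 17, "17.7.10" },
    { "macOS",  15, "15.6.1"  },
    { "macOS",  14, "14.7.8"  },
    { "macOS",  13, "13.7.8"  },
};

/* 1 = running the fixed build or newer, 0 = needs the update,
 * -1 = no fixed build listed for this OS line, so flag it for manual review. */
int is_patched(const char *os, const char *version) {
    int v[3];
    if (!parse_version(version, v)) return -1;
    for (size_t i = 0; i < sizeof FIXED / sizeof FIXED[0]; i++)
        if (strcmp(FIXED[i].os, os) == 0 && FIXED[i].major == v[0])
            return version_cmp(version, FIXED[i].fixed) >= 0 ? 1 : 0;
    return -1;
}

int main(void) {
    /* Constructed inventory rows: device label, OS, version the device reports. */
    struct { const char *name, *os, *ver; } inv[] = {
        { "iPhone 15, finance",   "iOS",    "18.6.1"  },
        { "iPhone 13, legal",     "iOS",    "18.6.2"  },
        { "iPad Pro 10.5, media", "iPadOS", "17.7.9"  },
        { "iPad 6th gen, HR",     "iPadOS", "17.7.10" },
        { "MacBook, press desk",  "macOS",  "14.7.7"  },
        { "old iPhone, spare",    "iOS",    "16.7"    },
    };
    static const char *label[] = { "REVIEW", "UPDATE", "ok" };   /* index = result + 1 */
    for (size_t i = 0; i < sizeof inv / sizeof inv[0]; i++)
        printf("%-7s %-22s %-7s %s\n", label[is_patched(inv[i].os, inv[i].ver) + 1],
               inv[i].name, inv[i].os, inv[i].ver);
    return 0;
}
```

In practice the inventory rows would come from an MDM export rather than a literal array; the part worth keeping is the per-line minimum and the numeric comparison, since an iPad on 17.7.9 is just as exposed as an iPhone on 18.6.1 but a naive "is it on 18.6.2 yet" check would miss it.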
So, what are you waiting for? Go to Settings > General > Software Update and download and install iOS 18.6.2 on your iPhone now.