Update your iPhone, iPad, and Mac ASAP to fix this dangerous security flaw - here's why

Elyse Betters Picaro / ZDNET ZDNET's key takeaways Apple has patched a serious security flaw on iPhone, iPad, and Mac. Patch fixes a flaw that could allow an attacker to install spyware. The flaw has been exploited in the wild against targeted individuals. Get more in-depth ZDNET tech coverage: Add us as a preferred Google source on Chrome and Chromium browsers. I know you're probably tired of constantly updating your iPhone, iPad, or Mac to fix one issue or another. But there's yet another update that you'll definitely want to install. And hopefully this will be the last one before iOS 26 and the other new OS versions debut next month. Also: Changing these iOS 18 settings significantly improved my iPhone's battery life On Wednesday, Apple rolled out updates for a slew of products and versions to resolve a security issue. Affecting iPhones, iPads, and Macs, the updates include iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, MacOS Sequoia 15.6.1, MacOS Sonoma 14.7.8, and MacOS Ventura 13.7.8. How to update your Apple device - and why If you want to cut to the chase and quickly update your device, here's how. On your iPhone or iPad, go to Settings, select General, and tap Software Update. On your Mac, head to System Settings, select General, and click Software Update. On all platforms, allow the latest update to download and install. So what do yesterday's updates carry, and why should you install them ASAP? They fix only one flaw, but it's a serious one. Also: How to clear your iPhone cache (and why you should do it before the iOS 26 update) On its pages for iOS/iPadOS 18.6.2 and MacOS 15.6.1, Apple described the vulnerability as one that affects its ImageIO framework and that "processing a malicious image file may result in memory corruption." The company added that it's aware of reports that this flaw may have been exploited in the wild in "an extremely sophisticated attack against specific targeted individuals." Identified as an "out-of-bounds write issue," the problem was fixed through "improved bounds checking." An extremely sophisticated attack OK, let's break that down for those of you who want the nitty gritty details. ImageIO is an Apple framework that lets applications read and write most image file formats. This lets your device know how to process and display a photo or other image. "Processing a malicious image file may result in memory corruption" means that an attacker could exploit a flaw in ImageIO by creating an image designed to corrupt your device's memory. The "out-of-bounds write issue" is the actual flaw in ImageIO, which means that the attacker could write data outside of the memory reserved for a specific program. By exploiting this flaw, they could then run malicious code and even install spyware. Fixing the issue required Apple to set up "improved bounds checking" to ensure that the malicious image wouldn't be able to venture beyond its assigned memory. Also: 5 Apple products you definitely shouldn't buy this month (and 7 to get instead) The dangerous part here is that an attacker could target someone through a seemingly innocent-looking image. This means that just opening the image could have led to compromise. Designated as CVE-2025-43300, the flaw is further described on its CVE page. However, Apple's description of "an extremely sophisticated attack against specific targeted individuals" indicates that most users wouldn't likely be impacted by this issue. Instead, this sounds like another attempt by a spyware entity targeting government officials, political activists, journalists, and other high-profile individuals. One famous, or infamous, company known to launch these types of campaigns is NSO Group. Through its Pegasus spyware, the group has been caught several times exploiting flaws on computers and mobile devices to monitor the activities of targeted victims. The company has argued that it uses its Pegasus software only to help legitimate law enforcement bodies go after criminals and terrorists. But Apple has sued NSO Group and been forced to patch any exploited flaws found in its operating system. Also: Installed iOS 18.6 on your iPhone? Change these 11 settings for the best experience The latest updates come just a few days after the release of iOS 18.6.1 and WatchOS 11.6.1, which brought with them a new (and hopefully non-patent-infringing) version of Apple's Blood Oxygen monitoring tool.