Apple just dropped iOS 18.6.2 and iPadOS 18.6.2, and if youโre the type who usually ignores those โUpdate Availableโ pop-ups, this is the one time you should not. Seriously.
Why? Because thereโs a nasty flaw floating around in Appleโs system, one so dangerous that Apple admits it may already have been used in real-world attacks. And unlike the usual โit improves performance and stabilityโ updates, this one is about protecting your money, data, and sanity.
The issue, logged as CVE-2025-43300, hides inside ImageIO. This is the behind-the-scenes tool your device uses to open and process images. Long story short: if a hacker sends you a malicious image, just receiving or previewing the file can trigger the exploit without even opening it, giving them full access to your device. Think spyware, stolen data, drained crypto wallets, you name it. Reports say high-net-worth individuals in the crypto world have already been targeted.
Apple says the bug could allow attackers to run arbitrary code (translation: they can make your device do whatever they want), escalate privileges (translation: they can break past all your security walls), and even install spyware without you knowing.
The fix? Update. Right now.
Make tech-ish your favourite news source
Star tech-ish.com on Google. We move up your daily feed.
- iPhone users: If you have an iPhone XS or newer, go to Settings โ General โ Software Update and get iOS 18.6.2.
- iPad users: If youโre on iPad Pro (2018 and later), iPad Air 3rd gen and up, iPad 7th gen and up, or iPad mini 5th gen and newer, grab iPadOS 18.6.2.
- Mac users: Donโt feel left out โ update your macOS too, the issue spans the ecosystem.
And hereโs the golden rule: never, ever store anything that needs to be cryptographically secure (think private crypto keys) on a device that isnโt updated.
This isnโt about โmy phone will feel smoother after updating.โ This is about keeping your money, your data, and your privacy safe. So plug in your device, grab some Wi-Fi, and hit that update button.
Because honestly, getting hacked by opening a picture? Thatโs a plot twist nobody wants.
