Actively Exploited iPhone Flaw Has A Fix You Can Use Now

Following the release of iOS 18.6.2, Apple has now explained that this update fixes an actively exploited flaw on iPhone, iPad and Mac. Interestingly, iOS 18.6.2 comes a week after Apple seeded iOS 18.6.1, which brought back the blood oxygen tool for Apple Watch users in the U.S.

In Apple's release notes, the company says this ImageIO fix is available to all iPhone, iPad, and Mac models compatible with iOS 18, iPadOS 18, and macOS Sequoia. Here's how the company describes the attack:

"Impact: Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals."

While Apple says that "an out-of-bounds write issue was addressed with improved bounds checking," anyone who's not in iOS 18.6.2 might be able to fall for this attack. Here's what it does and why you should update right away.

What makes this actively exploited flaw so serious is that someone could send you or trick your device into opening a specially crafted image, such as a JPEG, PNG, or HEIF, and then exploit the bug available on previous versions of iOS, iPadOS, and macOS.

With that, the attacker could run arbitrary code on your iPhone, ultimately taking control of your device. While Apple is careful enough to say this wasn't a widespread attack, rather focused on "specific targeted individuals," this could mean hackers were aiming at journalists, activists, and political figures.

Even though there isn't much you can do prior to the update, besides avoiding sketchy websites and opening documents from people you don't know, the best way to protect yourself is by updating your devices to iOS 18.6.2, iPadOS 18.6.2, and macOS Sequoia 15.6.1. BGR will let you know if the company releases another security patch ahead of the big iOS 26 update, expected in a few weeks from now.