Apple releases update to iOS 18.6.2 and macOS 15.6.1: Exploit "in the wild"
Apple updated its old operating systems once again on Thursday night. The main reason is a set of important security fixes.
Although Apple's major upgrades to iOS 26 and macOS 26 (Tahoe) are expected in a few weeks' time, the company has now released updates for the previous versions iOS 18, iPadOS 18 and macOS 15 (Sequoia). This is due to security vulnerabilities in the systems which, according to the manufacturer, are already being actively exploited. Older iOS versions are also affected, but as usual Apple is only partially patching them. According to the company, the updates do not contain any other new features.
Complex attack on specific targets
Apple mentions only a single vulnerability in its release notes for security-relevant changes: a bug in the Image I/O image processing library. It states that processing a maliciously manipulated image can lead to a memory error. "Apple is aware of a report that this issue may have been exploited in a highly sophisticated attack targeting specific individuals." In practice, this means that it was probably state actors, or companies that supported them.
Apple did not disclose who was affected by the attack. The company names itself as the discoverer of the vulnerability, which has the CVE ID CVE-2025-43300. The bug, an out-of-bounds write, was fixed with improved bounds checking. It could be part of a whole exploit chain in which Image I/O is probably used as a gateway, for example by sending a manipulated image via iMessage. However, technical details are still missing, and it remains to be seen whether Apple will communicate them at a later date.
Which versions you should install quickly
Interestingly, the exploitable bug is apparently only in macOS, iPadOS and iOS. At least, Apple has not yet provided any updates for its other operating systems watchOS, visionOS and tvOS, although these also contain the Image I/O library. tvOS does not have its own messaging app, whereas visionOS and watchOS do. The latest versions are now iOS 18.6.2 and iPadOS 18.6.2 as well as macOS 15.6.1. On a test Mac, the update was quite large at 1.5 GB, so it could also contain other new features. It remains unclear why Apple is not using its Rapid Security Response system for an exploited bug.
Users of older macOS and iPadOS versions will also receive updates, while iOS 17 users must update to iOS 18. The current versions for these older branches are iPadOS 17.7.10, macOS 13.7.8 Ventura and macOS 14.7.8 Sonoma. The only change communicated by Apple is a fix for the Image I/O bug.
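As an added example (not from the article or from Apple), the following Python check classifies a device inventory against the fixed versions listed above. The inventory rows and status labels are constructed, and treating every older branch without a listed fix like iOS 17 (a major upgrade is required) is an assumption.

```python
# Minimum fixed version per (platform, major branch), as listed in the article.
FIXED = {
    ("iOS", 18): (18, 6, 2),
    ("iPadOS", 18): (18, 6, 2),
    ("iPadOS", 17): (17, 7, 10),
    ("macOS", 15): (15, 6, 1),
    ("macOS", 14): (14, 7, 8),
    ("macOS", 13): (13, 7, 8),
}

def parse_version(text):
    """'15.6' -> (15, 6, 0). Raises ValueError on non-numeric components."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple((parts + [0, 0])[:3])

def assess(platform, version):
    """Classify one device as 'patched', 'update', 'upgrade' or 'unknown'."""
    v = parse_version(version)
    branches = [major for (p, major) in FIXED if p == platform]
    if not branches:
        return "unknown"   # platform has no update in the article (e.g. watchOS)
    fixed = FIXED.get((platform, v[0]))
    if fixed is not None:
        # Tuple comparison orders 18.6.2 > 18.6 > 18.5.9 correctly.
        return "patched" if v >= fixed else "update"
    if v[0] < max(branches):
        # Assumption: branches without a listed fix behave like iOS 17,
        # which the article says must move to iOS 18.
        return "upgrade"
    return "unknown"       # newer than any branch the article lists

# Constructed sample inventory: (host, platform, reported OS version).
INVENTORY = [
    ("mac-01", "macOS", "15.6"),
    ("mac-02", "macOS", "14.7.8"),
    ("phone-01", "iOS", "17.7.2"),
    ("phone-02", "iOS", "18.6.2"),
    ("pad-01", "iPadOS", "17.7.9"),
    ("watch-01", "watchOS", "11.6"),
]

def report(inventory):
    """Map each host to its status."""
    return {host: assess(platform, version) for host, platform, version in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```
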
(bsc)