Recently, our platform has dissected every new beta of iOS 26, but let’s not forget that until September’s official release, the last public version for everyday users is iOS 18. And Apple just reminded everyone of that fact. Yesterday, on August 20, 2025, the company dropped updates to iOS 18.6.2 and iPadOS 18.6.2, along with macOS Sequoia 15.6.1. No new wallpapers, no flashy widgets, just important bug fixes and security updates.
According to Apple’s release notes, the patches are recommended for all users because they close off an exploit that, in the company’s own words, “may have been used in an extremely sophisticated attack against specific targeted individuals.” In short, Apple wants you to update now, not next week, not when your battery hits 100%, but immediately, unless, of course, you enjoy the idea of invisible strangers flipping through your files.
Apple Fixes Image Vulnerability Already Used in Attacks
Apple fixed the ImageIO bug labeled CVE-2025-43300, which allowed an out-of-bounds write and opened the door to memory corruption and code execution. The exploit required nothing more than a malicious image. A device could process it inside Messages, Mail, or Safari without the user tapping a single button.
Apple’s own security team discovered the flaw and confirmed it “may have been exploited in an extremely sophisticated attack against specific targeted individuals.” That line is Apple’s polite way of saying this wasn’t a theory, and someone had already abused the weakness. The company usually saves that language for cases linked to Pegasus-class spyware, and the similarities are hard to miss. Pegasus, developed by NSO Group, earned its reputation by sneaking into iPhones through zero-click images and iMessage payloads. CVE-2025-43300 fits the same mold – no interaction, full compromise.
Unlike previous incidents, Apple did not credit watchdogs like Citizen Lab. The fact that it gave credit to its own researchers suggests it caught the activity through internal monitoring or private intelligence. Apple kept names and details quiet, which is standard practice. Revealing too much would hand blueprints to other attackers before users finish patching.
The company’s vague phrasing does not make the threat any less serious. This was not a random hacker fishing for laughs. Such exploits usually come from government-backed groups that target journalists, activists, lawyers, or political figures. For ordinary users, it might feel distant – “I’m not a diplomat, who cares?” – but history shows these exploits rarely stay in the exclusive club for long. Once the method leaks, it often resurfaces in cheaper, more widespread attacks. That is why Apple released these emergency updates.
Which iPhones, iPads, and Macs Received the Security Fixes?
The vulnerable ImageIO code sits at the heart of iOS, iPadOS, and macOS. As a result, a wide range of Apple hardware was exposed. Apple didn’t limit the fix to its newest devices, and it issued patches across multiple OS generations to make sure both current and slightly older devices received protection. In practice, the company pushed updates to iPhones, iPads, and Macs dating back several years. Here’s how the rollout looks across platforms:
- iPhone models starting with iPhone XS are recommended to update to iOS 18.6.2. Devices stuck on iOS 17 or earlier, like the iPhone X or iPhone 8, received nothing. Those phones now act more like open windows than secure devices.
Source: Unsplash - Modern iPads moved to iPadOS 18.6.2, while Apple also shipped iPadOS 17.7.10 for models that couldn’t step into the iPadOS 18 cycle. That covers older hardware like the 10.5-inch iPad Pro and the iPad 6th gen, which still got patched despite their age.
Source: Unsplash - Macs running macOS Sequoia updated to 15.6.1. Apple also mirrored the fix in Sonoma 14.7.8 and Ventura 13.7.8. Machines stuck on Monterey or earlier got left behind, which shouldn’t shock anyone in 2025.
Source: Unsplash
The scope of these patches shows how deeply the flaw reached. Apple had to fix three major macOS lines and two iPadOS lines alongside iOS. The rule is simple – if your device supports one of these versions, update now. If it doesn’t, stop pretending your six-year-old gadget still keeps up, and start planning for a replacement.
Final Thoughts
It looked as if OS 26 on the horizon would leave older versions to fade quietly, but that theory did not survive reality. Security flaws and real-world attacks forced Apple to keep iOS and iPadOS 18 alive with 18.6.2, and macOS Sequoia with 15.6.1. Stability updates may not sound exciting, but when a single image file can take over your phone, flashy wallpapers suddenly feel less important.
Apple discovered this bug itself and patched it before dropping public details. That approach blocked attackers from copying the exploit while the update rolled out. Now that iOS 18.6.2, iPadOS 18.6.2, and macOS 15.6.1 (plus the 17/13/14 side releases) are available, there is no excuse left. The path to safety sits right in Settings > General > Software Update on iPhone or iPad, and in System Settings > General > Software Update on Mac. Press the button, wait a few minutes, and enjoy not being part of a spyware case study.
Every user on a supported device should install these updates. In today’s landscape of zero-click exploits and stealth spyware, staying current with software is one of the simplest shields you can hold. Apple plugged the hole quickly, and now it’s up to you to close the gap on your end.
