Apple published iPadOS / iOS 18.6.2 on Wednesday as a security update for a zero-day vulnerability tracked as CVE-2025-43300. The company said that the bug has already been exploited in a sophisticated attack on targeted users.
The security fix from the Cupertino-based giant has raised alarms because of a critical defect in Apple's framework, a component used to process image files on a majority of iPhone and iPad versions. The vulnerability involves an out-of-bounds write, which means that a maliciously crafted image could corrupt memory and thus enable remote code execution.
Apple confirmed that the flaw had been fixed by improving bounds checking and noted that it had received credible information suggesting targeted exploitation.
“Apple is aware of a report that this problem may have been exploited in an extremely sophisticated attack against specific targeted individuals.”
The expression “extremely sophisticated attack” indicates that the flaw could be linked to a wider operation, potentially carried out by nation-state hackers or advanced persistent threat groups focused on high-level targets. Such wording is generally used only for the most serious security incidents.
Apple zero-days have notoriously been exploited in the past by spyware vendors who, under the cover of national security interests, helped several authoritarian governments spy on members of the opposition, journalists, intellectuals and activists in various fields.
Apple's policy of withholding details until a fix is available is in force here. The launch of iOS 18.6.2 on Wednesday indicates that the company quickly took internal measures to deploy defenses before public disclosure. The update is available for the iPhone XS and subsequent models, as well as the iPad Pro and the iPad models listed below.
The fix applies to:
- iPhone XS and later
- iPad Pro 13-inch
- iPad Pro 12.9-inch 3rd generation and later
- iPad Pro 11-inch 1st generation and later
- iPad Air 3rd generation and later
- iPad 7th generation and later, and
- iPad mini 5th generation and later
The fact that the attackers exploited something as banal as an image file shows how modern zero-day campaigns aim for stealth and ubiquity. Because images are rendered automatically across applications, browsers and messaging platforms, the attack surface becomes almost invisible to the end user.
The rapid deployment of the Apple patch may have blunted this particular threat, but it also highlights the ongoing war between device manufacturers and attackers who are constantly looking for new ways to exploit everyday features for high-value gains.