Apple ImageIO Zero-Day Vulnerability Update

August 22, 2025 Lisa Park Tech
News Context
At a glance
  • Apple has released a series of security updates to address a critical vulnerability that has reportedly been exploited in targeted attacks.
  • the company is urging users to install the updates promptly.
  • According to Adam Boynton, senior security strategy manager at Apple device management company Jamf Holding Corp., Apple has indicated that the vulnerability is being actively exploited in "elegant,...
Original source: siliconangle.com

Apple Releases Urgent Security Updates for iPhones, iPads, and Macs

Table of Contents

Apple has released a series of security updates to address a critical vulnerability that has reportedly been exploited in targeted attacks. the updates include iOS 18.6.2 for current iPhones, iPadOS 18.6.2 for current iPads, iPadOS 17.7.10 for older iPad models, macOS Sequoia 15.6.1, Sonoma 14.7.8,and Ventura 13.7.8.

the company is urging users to install the updates promptly. On iPhones and iPads, users can find the updates in Settings > General > Software Update. Mac users can apply them through System Settings > General > software Update.

Vulnerability Details and Targeted Attacks

According to Adam Boynton, senior security strategy manager at Apple device management company Jamf Holding Corp., Apple has indicated that the vulnerability is being actively exploited in “elegant, targeted attacks.” These attacks typically focus on individuals of high value, such as journalists, lawyers, activists, and government officials.

While Apple hasn’t explicitly linked this specific flaw to spyware, Boynton notes that similar vulnerabilities in ImageIO and WebKit have been used in past campaigns involving Pegasus spyware. He recommends that all users update to iOS 18.6.2 immediately, with a particular emphasis on those in industries at higher risk of spyware attacks.

Apple’s Interaction and Severity

Satnam Narang, senior staff research engineer at exposure management company Tenable Holdings Inc., highlighted the unusual language Apple is using to describe the vulnerability. Traditionally, Apple provides limited details about actively exploited zero-day vulnerabilities.

Narang points out that apple has only recently begun using the phrase “an extremely sophisticated attack against specific targeted individuals,” starting in 2025 with CVEs including CVE-2025-24201, CVE-2025-24200, CVE-2025-31200, CVE-2025-43200, and CVE-2025-43300. This purposeful phrasing suggests Apple is intentionally emphasizing the severity and targeted nature of these attacks.

Image Placeholder
Image: SiliconANGLE/Reve

About SiliconANGLE Media

SiliconANGLE Media is a leader in digital media innovation, combining breakthrough technology, strategic insights, and real-time audience engagement. It encompasses

Share this:

, ,