Your iPhone is under threat as Apple rushes emergency update; here’s what you need to do to stay safe

Apple has rushed out an emergency security update for iPhones, iPads, and Macs after discovering a serious software flaw that hackers were already using in what the company described as “extremely sophisticated attacks” on targeted individuals.

The patch, released Wednesday(August 20), fixes a zero-day vulnerability in Apple’s ImageIO framework, the system that processes image files across its devices. The flaw could allow a malicious image file to corrupt memory and potentially give attackers control of the device.

Apple said that the flaw impacts the processing of an image file, which “may result in memory corruption,” according to the notice.


“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,” the Cupertino, California-based tech giant added. It did not provide any details about who might have been targeted.

A blog post from the MalwareBytes antivirus and security company on Thursday noted that the security flaw “means that the attacker can manipulate parts of the device’s memory that should be out of their reach.”

Who is affected

The updates apply to a wide range of Apple devices, including:

• iPhone XS and later models
  
• iPad Pro (11-inch, 1st generation and newer; 12.9-inch, 3rd generation and newer; 13-inch), iPad Air (3rd generation and later), iPad (7th generation and later), and iPad mini (5th generation and later)
  
• Macs running macOS Sequoia, Sonoma, and Ventura
  

Users should install iOS 18.6.2, iPadOS 18.6.2 (or 17.7.10 for older devices), and macOS Sequoia 15.6.1 (with updates also available for Sonoma and Ventura).

Why it matters

Apple confirmed that the flaw had been exploited “in extremely sophisticated attacks against specific targeted individuals”.

Apple’s response

Apple said it addressed the flaw by improving memory bounds checking in ImageIO and reiterated its long-standing policy of withholding technical details until most users have patched their devices.

This is at least the seventh actively exploited zero-day Apple has patched in 2025, according to cybersecurity tracking site The Hacker News. Earlier fixes this year targeted flaws in Safari, WebKit, and the iOS kernel.

What should users do?

Apple is urging all users to install the latest updates immediately:

• On iPhone/iPad: Settings → General → Software Update
  
• On Mac: Apple menu → System Settings → General → Software Update
  

Security analysts say that while the current attacks appear to be narrowly targeted, the same exploit could be repurposed for wider use if left unpatched.

The emergency update comes just weeks before Apple’s annual September event, where the company is expected to unveil new iPhones and software features. Apple announced earlier this year that its mobile operating system will now be branded by year, meaning this fall’s release will be iOS 2026, instead of iOS 19.