Apple has warned iPhone users about a critical zero-day vulnerability (CVE-2025-43300) in older iOS versions that allows hackers to exploit the Image I/O framework using malicious images, potentially crashing apps, corrupting data, or enabling remote control. Apple has released iOS 18.6.2 to fix the flaw and urged all users, especially those on iPhone XS and later, to update immediately, as real-world attacks are already occurring. This is one of a series of six exploited zero-day vulnerabilities patched by Apple since January 2025, highlighting the growing sophistication of cyberattacks and the urgent need for timely software updates.
Apple has issued a critical warning to iPhone users, cautioning that older versions of the iOS operating system contain a dangerous security flaw that leaves devices vulnerable to cyberattacks. The flaw, a zero-day vulnerability officially tracked as CVE-2025-43300, affects all outdated versions of iOS. To address the issue, Apple has rolled out iOS 18.6.2, which includes a fix. Users who continue running older versions are strongly urged to update immediately, as unpatched devices remain exposed to active threats.
According to Apple’s security advisory, the vulnerability is linked to the Image I/O framework—a system responsible for handling image data. Hackers can exploit this weakness using maliciously crafted image files, tricking the system into writing data outside of its allocated memory. Such an attack could cause apps to crash, corrupt sensitive information, or, in severe cases, give cybercriminals the ability to remotely control the device.
Apple has confirmed that attackers have already begun exploiting this flaw in real-world cyberattacks, making it an urgent matter for users. The company emphasized that all iPhone models from iPhone XS onward are potentially at risk if not updated. Installing the latest update is the only way to ensure protection against ongoing threats.
This is not an isolated case. Apple has had to address a series of similar vulnerabilities this year. Since January 2025 alone, the company has patched six exploited zero-day vulnerabilities, including CVE-2025-24085 (January), CVE-2025-24200 (February), CVE-2025-24201 (March), and two others in April, CVE-2025-31200 and CVE-2025-31201. Security analysts note that the rapid discovery of these flaws highlights both the increasing sophistication of cyberattacks targeting Apple devices and the importance of keeping software up to date.
Cybersecurity experts are urging iPhone owners not to delay the update, as zero-day vulnerabilities are among the most dangerous: they are unknown to the vendor at the time attackers discover them, giving hackers a window of opportunity to launch stealthy and targeted attacks.