Apple has released iOS 18.6.2 and iPadOS 18.6.2, together with macOS Sequoia 15.6.1, Sonoma 14.7.8, and Ventura 13.7.8, to fix a zero-day in the ImageIO framework that was exploited in the wild.
Per Apple, processing a malicious image could corrupt memory, enabling code execution, and the company is aware of a report of use in an extremely sophisticated attack targeting specific individuals.
The flaw sits in ImageIO, the component that parses common image formats, which makes delivery through everyday channels, including messaging apps and web content, straightforward from an attacker's perspective. As security outlets reported, the bug is tracked as CVE-2025-43300 and stems from an out-of-bounds write that Apple addressed with improved bounds checking.
The crypto angle is direct. Wallet owners often copy and paste recipient addresses, and many keep recovery phrases in screenshots or photo storage for convenience. Research this year documented families of mobile spyware and stealers that scan galleries using optical character recognition and exfiltrate photos containing seed phrases, as well as strains that monitor the clipboard to swap addresses during a transaction.
As Kaspersky reported, SparkCat and its successor SparkKitty used OCR to harvest seed phrases from photos on both iOS and Android, including samples seen on official app stores.
A compromise achieved through a booby-trapped image can therefore act as an initial foothold that enables gallery scraping for recovery phrases, surveillance of crypto app activity, and clipboard hijacking during on-chain transfers. Earlier research on clipboard hijackers explains how address strings are silently replaced to redirect funds during copy-paste, a tactic long used by drainer operations.
The current incident also fits a pattern of high-value iOS exploit chains used against targeted users. In 2023, Citizen Lab documented a zero-click chain, dubbed Blastpass, used to deliver commercial spyware, demonstrating how image and message parsing bugs can be chained for device takeover without user interaction.
That historical baseline, coupled with Apple's acknowledgment of real-world use in the present case, frames the risk for crypto users who rely on mobile devices as primary signing endpoints.
Impact spans recent iPhone models and iPads covered by iOS 18 and iPadOS 18, including iPhone XS and later, plus supported Macs on Sequoia, Sonoma, and Ventura. Users can verify protection by confirming iOS or iPadOS 18.6.2, macOS Sequoia 15.6.1, Sonoma 14.7.8, or Ventura 13.7.8 in Settings, then rebooting after installation.
Security outlets urged immediate updates following Apple's release and disclosure.
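For anyone checking more than one device, the version check above can be run over an inventory export. The following is an added example, not Apple's tooling or code from any source cited here: the patched-version floors are the ones listed in this article, while the function names, hostnames and inventory rows are constructed for illustration, and any release branch the article does not name is reported as unknown.

```python
# Added example: floors come from the article; inventory rows are constructed.
PATCHED = {
    ("ios", 18): (18, 6, 2),
    ("ipados", 18): (18, 6, 2),
    ("macos", 15): (15, 6, 1),   # Sequoia
    ("macos", 14): (14, 7, 8),   # Sonoma
    ("macos", 13): (13, 7, 8),   # Ventura
}

def parse_version(text):
    """Turn '15.6' or '18.6.2' into a 3-tuple of ints, padding with zeros."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unparseable version: {text!r}")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))

def classify(platform, version):
    """Return 'patched', 'needs_update' or 'unknown' for one device."""
    try:
        v = parse_version(version)
    except ValueError:
        return "unknown"
    # Compare only within the same major branch: 14.7.8 is patched even
    # though it sorts below 15.6.1.
    floor = PATCHED.get((platform.lower(), v[0]))
    if floor is None:
        return "unknown"  # branch not named in the article
    return "patched" if v >= floor else "needs_update"

def audit(inventory):
    """Map each hostname to its status."""
    return {host: classify(platform, ver) for host, platform, ver in inventory}

# Constructed sample inventory: (hostname, platform, reported OS version).
SAMPLE = [
    ("signer-phone", "iOS", "18.6.2"),
    ("desk-mac", "macOS", "15.6"),
    ("old-mac", "macOS", "13.7.8"),
    ("lab-ipad", "iPadOS", "18.6.1"),
    ("legacy-mac", "macOS", "12.7.6"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host:14} {status}")
```
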
For a crypto-savvy audience, the operational takeaway is to close exposure by updating and to reduce post-exploit blast radius by moving seed storage out of photo libraries, reviewing app photo permissions, limiting clipboard access, and treating mobile wallets as hot environments with strict hygiene.
Apple's notes state the root cause was an out-of-bounds write in ImageIO that is now mitigated with stricter bounds checks, and the company confirmed exploitation reports when shipping the patch.