Apple regularly pushes out incremental software updates for the iPhone's iOS software throughout the year to introduce updated software features, new emojis and apps, or to fix bugs that could leave users vulnerable to cyber attack or online fraud.
The latter is the reason Apple has just released iOS 18.6.2, a free software update available now to all iPhones released since 2018. It's always a good idea to install the latest available version of iOS, but this particular one has rung alarm bells with industry experts.
Apple publishes details of the security updates it provides, and confirms that iOS 18.6.2 fixes a flaw in ImageIO, the framework iPhones use to read and write image files.
Apple said the flaw, whose unique identifier is CVE-2025-43300, had been "exploited", which means criminals have been taking advantage of the bug to attack or gain access to information on iPhones out in the real world.
A fix for a bug that is already being exploited is known as a zero-day fix, because software teams have had zero days to work on a fix for a flaw that is already negatively affecting people.
"The fix in iOS 18.6.2 addresses a flaw in Apple's ImageIO framework, which enables devices to read and write a wide range of image file formats," said Adam Boynton, Senior Security Strategy Manager EMEIA at security firm Jamf.
"CVE-2025-43300 could allow an attacker to trigger memory corruption if a user opens a malicious image file, potentially enabling malicious code execution and compromise of the iPhone."
Sylvain Cortes, VP Strategy at cybersecurity company Hackuity, agrees.
"With the vulnerability being actively exploited, everyone should check their iPhones immediately," he said.
While it's always good practice to update your iPhone's software, especially in this situation, Cortes does note that you are unlikely to have been the target of this latest attack.
"This latest iOS update is a powerful reminder of why you should never delay applying updates. It's notable that Apple has explicitly warned CVE-2025-43300 may already have been exploited in the wild and allows for high-level, targeted attacks. Previous exploits of this nature have been used to target government officials, journalists, and other high-value individuals."
Apple is close to releasing the next version of iOS, which is confusingly called iOS 26 as the firm moves to bring the iPhone's version number in line with the year in which it will be used the most - 2026. It's expected to roll out to current iPhones next month, when Apple is very likely to unveil its new iPhone 17 range.
Until then, it's good to see iOS 18 receiving important security updates.
"While Apple has not confirmed whether this specific flaw was linked to spyware, similar vulnerabilities in ImageIO and WebKit have previously been used in Pegasus campaigns," said Jamf's Boynton.
"Even though the exploitation appears targeted, we recommend that all users update to iOS 18.6.2 immediately, particularly those in industries most at risk of spyware attacks."