Close Menu
Science & Tech

Critical Apple Security Flaw Lets Hackers Hijack iPhones, iPads, and Macs via Malicious Image Files

Hina KashifBy No Comments2 Mins Read

The National Computer Emergency Response Team (NCERT) has sounded the alarm on a dangerous zero-day vulnerability affecting Apple devices, including iPhones, iPads, and MacBooks. The flaw, tracked as CVE-2025-43300, exists in Appleā€™s ImageIO framework and is currently being exploited in the wild.

According to NCERT, this high-risk vulnerability allows attackers to remotely take control of a device simply by getting the user to open a specially crafted image file. The exploit can cause memory corruption, enable unauthorized access, and lead to the exposure of sensitive data ā€” all without requiring special permissions.

Devices at Risk

The vulnerability was originally identified in iOS 17.4 and continues to affect multiple versions of Appleā€™s operating systems. Apple has responded by releasing critical security updates to patch the issue:

  • iOS and iPadOS: Update to 18.6.2 or later

  • macOS: Update to Sequoia 15.6.1, Ventura 13.7.8, or Sonoma 14.7.8

Immediate Actions Advised

NCERT urges all users ā€” both individuals and organizations ā€” to install the latest updates without delay. For those unable to update immediately, the agency recommends:

  • Avoid opening image files from unknown or untrusted sources

  • Disable automatic image rendering in apps, if possible

  • Monitor for abnormal system crashes or memory issues

  • Enable automatic updates and use MDM tools in enterprise environments

  • Strengthen endpoint monitoring to detect exploitation attempts

While no specific indicators of compromise (IoCs) have been shared yet, NCERT warns that attack campaigns are ongoing, and the window for prevention is closing fast.

Why It Matters

This vulnerability is particularly dangerous due to its ease of exploitation and wide attack surface ā€” image files are commonly shared and often trusted by users. If exploited, attackers could gain full control of a device, putting both personal and corporate data at serious risk.

NCERTā€™s final message: Apply Appleā€™s latest security patches immediately to safeguard your devices from this active and critical threat.

Share.

As a student of journalism and content creator, I combine strategic insight with impactful storytelling to explore culture, lifestyle, and pressing social issues. Dedicated to truth, integrity, and justice, my work aims to amplify marginalised voices, foster empathy, and inspire meaningful, positive change.

Related News

Comments are closed.

The Truth International is a fortnightly magazine and news platform offering in-depth articles, editorials, and the latest breaking news across Pakistan and the globe. Its coverage spans diverse categoriesā€”including politics, economy, science & tech, health & education, entertainment, sports, art & culture, and opinion pieces.

The Company

© 2025 The Truth International.