
Apple released iOS 18.6.2 and iPadOS 18.6.2 on Aug. 20, 2025, along with macOS Sequoia 15.6.1, Sonoma 14.7.8, and Ventura 13.7.8, to fix a zero-day in the ImageIO framework that was exploited in the wild.
Per Apple, processing a malicious image may corrupt memory, enabling code execution, and the company is aware of a report of use in an extremely sophisticated attack targeting specific individuals.
The flaw sits in ImageIO, the component that parses common image formats, which makes delivery through everyday channels, including messaging apps and web content, easy from an attacker's perspective. As security outlets reported, the bug is tracked as CVE-2025-43300 and stems from an out-of-bounds write that Apple addressed with improved bounds checking.
The crypto angle is direct. Wallet owners often copy and paste recipient addresses, and many keep recovery phrases in screenshots or photo storage for convenience. Research this year documented families of mobile spyware and stealers that scan galleries using optical character recognition and exfiltrate images containing seed phrases, as well as strains that monitor the clipboard to swap addresses during a transaction.
As Kaspersky reported, SparkCat and its successor SparkKitty used OCR to harvest seed phrases from photos on both iOS and Android, including samples observed on official app stores.
A compromise achieved through a booby-trapped image can, therefore, act as an initial foothold that enables gallery scraping for recovery phrases, surveillance of crypto app activity, and clipboard hijacking during on-chain transfers. Earlier research on clipboard hijackers explains how address strings are silently replaced to redirect funds during copy-paste, a tactic long used by drainer operations.
The current incident also fits a pattern of high-value iOS exploit chains used against targeted users. In 2023, Citizen Lab documented a zero-click chain, dubbed Blastpass, used to deliver commercial spyware, demonstrating how image and message parsing bugs can be linked for system takeover without user interaction.
That historical baseline, coupled with Apple's acknowledgment of real-world use in the current case, frames the risk for crypto users who rely on mobile devices as primary signing endpoints.
Impact spans recent iPhone models and iPads covered by iOS 18 and iPadOS 18, including iPhone XS and later, plus supported Macs on Sequoia, Sonoma, and Ventura. Users can verify protection by confirming iOS or iPadOS 18.6.2, macOS Sequoia 15.6.1, Sonoma 14.7.8, or Ventura 13.7.8 in Settings, then rebooting after installation.
Security outlets urged immediate updates following Apple's release and disclosure.
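For anyone responsible for more than one device, the same version check can be run over an inventory export. The script below is an added example, not from Apple or the original article: the CSV layout, device names and status labels are constructed, and only the fixed version numbers come from the text above.

```python
import csv
import io

# First fixed release per train, as listed in the article.
FIXED = {
    ("iOS", 18): (18, 6, 2),
    ("iPadOS", 18): (18, 6, 2),
    ("macOS", 15): (15, 6, 1),  # Sequoia
    ("macOS", 14): (14, 7, 8),  # Sonoma
    ("macOS", 13): (13, 7, 8),  # Ventura
}

# Constructed sample inventory (hypothetical device names and layout).
SAMPLE = """device,platform,version
iphone-fin-01,iOS,18.6.2
iphone-ops-07,iOS,18.6
ipad-kiosk-02,iPadOS,18.5
mac-dev-11,macOS,15.6.1
mac-dev-12,macOS,14.7.7
mac-lab-03,macOS,13.7.8
mac-old-01,macOS,12.7.6
iphone-qa-09,iOS,18.6.2 (beta)
"""

def parse_version(text):
    """Turn '18.6' into (18, 6, 0); raise ValueError on anything else."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3 or any(p < 0 for p in parts):
        raise ValueError(f"bad version: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def classify(platform, version_text):
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparseable"       # review by hand rather than guess
    fixed = FIXED.get((platform, version[0]))
    if fixed is None:
        return "not-listed"        # train not named in the article
    return "patched" if version >= fixed else "needs-update"

def audit(inventory_csv):
    """Group device names by status."""
    report = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = classify(row["platform"], row["version"])
        report.setdefault(status, []).append(row["device"])
    return report

if __name__ == "__main__":
    for status, devices in sorted(audit(SAMPLE).items()):
        print(f"{status}: {', '.join(devices)}")
```

Devices reported as `not-listed` run a release train the article does not mention, so their status has to be checked against Apple's own security notes.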
For a crypto-savvy audience, the operational takeaway is to close exposure by updating and to reduce post-exploit blast radius by moving seed storage off photo libraries, reviewing app photo permissions, limiting clipboard access, and treating mobile wallets as hot environments with strict hygiene.
Apple's notes state the root cause was an out-of-bounds write in ImageIO that is now mitigated with stricter bounds checks, and the company confirmed exploitation reports when shipping the patch.