If you own an iPhone, iPad, or Mac, you must update your software immediately. Apple has just released an urgent patch to fix a serious security flaw that allowed hackers to break into devices simply by sending a picture. You didn’t need to click anything, open a strange link, or download a file—just receiving and viewing the image was enough to put your phone or computer at risk.
This is one of those rare “drop everything and update” moments. Let’s walk through what happened, why it matters, and what you need to do to keep your Apple device safe.
What happened?
Earlier this week, Apple announced that a critical weakness had been discovered in the way its devices handle images. The problem lay in something called ImageIO, the part of Apple’s software that reads and displays pictures across all apps—whether it’s in iMessage, Mail, Safari, or even social media apps.
Hackers found a way to craft a malicious image file that could exploit this weakness. If that image landed on your phone and the system tried to process it, the hacker could potentially gain access to your device. In other words, simply receiving a picture—without clicking or downloading anything—could open the door to an attacker.
Why is this so dangerous?
Most of us view dozens of images every day. They arrive in WhatsApp, iMessage, emails, social media feeds, and websites. Because ImageIO is built into the system, almost every image passes through it. That makes this type of flaw especially serious—it gives attackers a huge number of potential pathways to reach you.
And unlike scams that require you to click a suspicious link or download a shady app, this was a “zero-click” attack. It could work even if you did absolutely nothing. That’s why Apple moved so quickly to patch it.
Who discovered it and who is behind the attacks?
Apple has not named the group responsible, but it has confirmed that the flaw was being actively used by hackers in real-world attacks. The company described it as part of an “extremely sophisticated” campaign, language it usually reserves for attacks carried out by mercenary spyware companies or even state-backed groups.
Karan Bir Singh Sidhu, IAS (Retd.), former Special Chief Secretary, Punjab, writes on the intersection of constitutional probity, due process, and democratic supremacy.
The good news is that Apple also said the attacks were targeted—meaning only a very small number of people, likely journalists, activists, or high-profile individuals, were victims. There is no evidence this was being used against millions of ordinary users. Still, because the vulnerability is now public, Apple wants everyone to update immediately before criminals copy the technique.
How many people were affected?
So far, Apple hasn’t released any numbers. In past cases like this, only a handful of users were directly targeted. But the exact number matters less than the potential. The flaw was so severe that Apple had to treat it as an emergency for all iPhone and Mac users worldwide.
When did this come to light?
The flaw, officially called CVE-2025-43300, was made public on 20 August 2025, when Apple rushed out emergency updates for all supported devices. In other words, Apple recognised the danger and acted fast.
What has Apple done to fix it?
Apple has issued software updates that close the loophole. The fix improves how ImageIO checks image files before processing them, preventing the kind of memory error hackers were exploiting.
Here are the versions you should see once you update:
iPhone and iPad: iOS 18.6.2, iPadOS 18.6.2, or iPadOS 17.7.10
Mac computers: macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, or macOS Ventura 13.7.8
If your device hasn’t yet prompted you to update, head to Settings → General → Software Update on iPhone or iPad, or System Settings → General → Software Update on a Mac. Install the latest version right away.
How does this compare to earlier Apple hacks?
This isn’t the first time hackers have gone after Apple devices using malicious images.
In 2021, the so-called FORCEDENTRY exploit allowed spyware makers to hack iPhones by sending disguised image files through iMessage. Apple later sued the Israeli spyware company NSO Group over its role in those attacks.
In 2023, another “zero-click” chain known as BLASTPASS combined a flaw in image processing with one in Apple Wallet to break into devices.
These cases show that images, which we tend to treat as harmless, are actually a powerful weapon for hackers. That’s why Apple continues to harden iMessage and even created a special Lockdown Mode for people at high risk, such as journalists and human rights defenders.
What should normal users do now?
For most people, the solution is simple: update your devices right away. That’s the single most important step you can take.
A few other tips:
Turn on automatic updates so you don’t have to rely on news alerts to stay protected.
If you think you may be a high-value target—for example, you work in sensitive journalism, politics, or international business—consider enabling Lockdown Mode in your settings. It limits how your phone handles attachments and messages, reducing the risk of similar attacks.
Stay cautious about messages from unknown senders. Even though this particular attack required no interaction, many others still depend on tricking you into tapping a link.
How have people reacted?
Consumer and tech press have sounded the alarm. Headlines have urged users to “update immediately” and “drop everything and patch.” The general mood is not panic, but urgency. People understand that while the attacks so far were targeted, the window for criminals to copycat the technique is now open.
For Apple, the reaction has been fairly typical: praise for its quick patching, but also criticism that these flaws keep happening. Still, compared to many other tech companies, Apple is seen as fast and transparent in handling such zero-day threats.
Why this matters to you
Even if you’re not a politician, journalist, or business executive, it’s worth remembering that your phone is your bank, ID card, photo album, and office in one device. Keeping it secure isn’t just about avoiding “hackers in the abstract”—it’s about protecting your money, identity, and personal memories.
Attacks like this show that hackers will continue to look for clever ways into our devices. Apple can close the loopholes, but only you can make sure the fix reaches your phone or computer by installing updates.
The bottom line
A serious security flaw in Apple’s image-handling software allowed hackers to break into devices just by sending a picture.
Apple released emergency patches on 20 August 2025 for iPhones, iPads, and Macs.
The flaw was actively exploited in targeted attacks, but could be copied more widely if people don’t update.
You should update immediately to iOS 18.6.2 (or the latest for your device) or macOS 15.6.1/14.7.8/13.7.8.
Turn on automatic updates and consider Lockdown Mode if you face higher risks.
Final word: Don’t wait. Open your settings, update your device, and close this dangerous loophole today.