A brief update from this week: On August 20, 2025, Apple released updates for iOS and iPadOS that address critical vulnerabilities in the operating systems. Here is some information.
The update to iOS 18.6.2 and iPadOS 18.6.2 closed vulnerability CVE-2025-43300 in the Image I/O framework, which enables apps to read and write most image file formats.
The flaw is an out-of-bounds write: an attacker can feed a program input that causes it to write data outside the allocated memory buffer. This could cause the program to crash, corrupt data, or, in the worst case, allow remote code execution. Apple is aware of a report that this issue may have been exploited in a highly sophisticated attack targeting specific individuals.
The update is available for iPhone XS and newer, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and newer, iPad Pro 11-inch 1st generation and newer, iPad Air 3rd generation and newer, iPad 7th generation and newer, and iPad mini 5th generation and newer.
The colleagues at Bleeping Computer pointed this out here. They report that Apple has released updates to prevent exploitation in iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8. Users should therefore update the affected Apple devices as soon as possible. Malwarebytes has published some information on this.
Google's Gemini also had a vulnerability (prompt injection) in the CLI for scaling images, as I read at The Register.