NCSA Urges Immediate Update to iOS 18.6.2 and iPadOS 18.6.2 Following Discovery of Critical Vulnerability

The National Cyber Security Agency (NCSA) of Thailand has issued an urgent advisory for all users of iPhone and iPad devices to promptly update to iOS 18.6.2 and iPadOS 18.6.2, following the identification of a critical security vulnerability tracked as CVE-2025-43300 within Apple’s ImageIO Framework.

This vulnerability, classified as a zero-day, has reportedly been exploited in targeted attacks. According to Apple’s official security documentation, the flaw involves an out-of-bounds write issue that may lead to memory corruption when processing malicious image files. Apple has acknowledged that this vulnerability has been actively exploited in sophisticated attacks targeting specific individuals.

Previously, on August 13, 2025, the NCSA had issued a similar warning regarding CVE-2025-6558, a zero-day vulnerability in the WebKit engine, which powers Safari and other web-based content on Apple devices. That flaw allowed attackers to compromise devices simply by directing users to malicious websites.

In light of these developments, the NCSA strongly recommends that all users:

  • Immediately update their devices via Settings → General → Software Update
  • Avoid opening image files or web content from untrusted sources until the update is applied
  • Ensure all applications are updated to their latest versions

These updates are considered critical to maintaining device integrity and protecting sensitive personal data from potential exploitation.
