Apple released emergency security updates for iPhones, iPads and Macs after disclosing a zero-day vulnerability, CVE-2025-43300, in the ImageIO framework that processes image files. The flaw allows attackers to take full control of a device by sending a single specially crafted image, and does not require the victim to click or tap the file. The company said it is aware of "extremely sophisticated" attacks exploiting the weakness against a small number of specific targets. Researchers categorised the bug as a remote-code-execution issue caused by an out-of-bounds write, which Apple addressed through improved bounds checking. The fixes are bundled in iOS 18.6.2, iPadOS 18.6.2 and macOS Sequoia 15.6.1, with parallel patches for earlier operating-system branches. Apple urged users to install the updates immediately to block potential compromise, while security analysts warned that the underlying technique could spread quickly once technical details become public.