Apple has released iOS 18.6.2 and macOS Sequoia 15.6.1, two urgent software updates designed to patch a newly discovered security vulnerability. While neither update introduces new features, both are critical for device protection and stability across iPhones, iPads, and Macs.
The company confirmed that the flaw may have been actively exploited, which means attackers could have been using it in real-world scenarios before the fix was made available. The vulnerability impacted ImageIO on both iOS and iPadOS, and as per Apple, “Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”
On iPhone, iOS 18.6.2 continues Apple’s approach of shipping smaller incremental updates in between major versions of iOS 26 expected later this year. Mac users are receiving the same treatment with macOS Sequoia 15.6.1, ensuring that Apple’s desktop and laptop systems remain equally protected. While the update does not change functionality, it strengthens core defenses, reduces the risk of unauthorized access, and maintains system reliability.
Security updates of this kind highlight how Apple prioritizes user protection. Unlike feature-driven releases, these patches are aimed at reducing attack surfaces and addressing vulnerabilities before they spread widely. This rapid response is part of Apple’s broader strategy to keep its ecosystem secure at all times, even if that means releasing several minor updates within a single software cycle.
Users are strongly advised to install the updates immediately. iOS 18.6.2 is available under Settings > General > Software Update on compatible iPhones and iPads. Mac users can update to macOS Sequoia 15.6.1 by navigating to System Settings > General > Software Update. Both updates are rolling out globally today.
For enterprises and individual users alike, applying security updates quickly is essential. Delaying installations leaves devices open to known exploits, and attackers often move fast once a flaw becomes public. These fixes are especially important for users who rely heavily on their devices for sensitive work, financial transactions, or personal communication.
