Apple has released iOS 18.6 with critical security patches addressing 29 vulnerabilities, marking one of the most substantial security updates ahead of the iOS 26 launch expected later this year. The update includes fixes across multiple system components, with particular attention to a dangerous Photos app vulnerability that could lead to arbitrary code execution when processing malicious image files.
Security researchers highlight CVE-2025-XXXXX, which affects the ImageIO framework, as the most critical fix. This memory corruption flaw allowed attackers to execute code with kernel privileges through specially crafted images. At least three of the patched vulnerabilities were under active exploitation, according to Apple's security bulletin.
The update also introduces a new security architecture for sideloading in EU markets, complying with the Digital Markets Act requirements. These changes include enhanced app notarization, installation authorization prompts, and runtime protections, laying the groundwork for iOS 26's expanded third-party app ecosystem.
Enterprise security teams should prioritize deployment due to fixes in:
- CoreMedia (multiple memory handling issues)
- WebKit (three separate XSS vulnerabilities)
- Kernel (privilege escalation vectors)
- Find My network tracking protections
Apple has not reported widespread exploitation but recommends immediate installation for all users, especially those handling sensitive data. The update is available for iPhone XS and later models, with security-only patches for older devices.