Despite the negativity about it here on MR, I'm actually enjoying it on my iPad, which I use indoors only. iPhone is a different story as I use that outdoors quite a bit, so I'm staying on the released version. Besides, I wouldn't run a beta on my main tool ;)
I’ve still got my 2018 iPad Pro, which I may be able to install it on (minus AI) but I’m holding on, now.

Must resist 😀.
 
This is it? And what about the Silent TCC bypass and data extraction identified in 18.6?

I don’t want to fall into conspiracy theories but… this looks a bit like a backdoor, honestly. Dang, now I don’t know what to do, whether to stay at 18.1 or accept this behaviour introduced in 18.6
Maybe this is what the patch fixes? I mean, if there was going to be a backdoor, it’s already there by now.

I’m pretty sure the five eyes have a backdoor into iOS. Before anyone loses their mind, that’s just my opinion and obviously I have no evidence.
 
I'd love to hear more details... what image file type is so complicated that it can be used as an attack vector?

File formats don’t have to be particularly complex to be vulnerable. Rather, the bugs are in the code that processes those files, not fundamental to file formats themselves.

In the past, there have been many security vulnerabilities/exploits found in code that processes various media formats, including JPEG, PNG, etc., across many different OSes.

When these bugs are found, a carefully-crafted malicious file can exploit the bug to execute arbitrary code and gain control of the app displaying the image (e.g. Safari, Mail, WhatsApp…).
 
I don’t want to fall into conspiracy theories but… this looks a bit like a backdoor, honestly. Dang, now I don’t know what to do, whether to stay at 18.1 or accept this behaviour introduced in 18.6

The behaviour was observed in iOS 18.6, but there’s nothing to suggest it was introduced only in iOS 18.6. In all likelihood, earlier versions have the same issue.
 
Maybe this is what the patch fixes? I mean, if there was going to be a backdoor, it’s already there by now.

I’m pretty sure the five eyes have a backdoor into iOS. Before anyone loses their mind, that’s just my opinion and obviously I have no evidence.
Even the CIA uses Apple devices in their operations. No one talks about it. And even the teams in the electronics warfare division have a certain respect for Apple stuff, as it’s not as easy to break in certain aspects. Hardware and software working together. It’s very expensive, simply put. And if you are still worried about such exploits you shouldn’t be on the internet with consumer level hardware and software.
 
The behaviour was observed in iOS 18.6, but there’s nothing to suggest it was introduced only in iOS 18.6. In all likelihood, earlier versions have the same issue.
Yeah, I’ve thought about that possibility as well… luckily I have one iPhone still on iOS 18.1 and another one on 18.6.1, so I’ll try following the instructions explained in that report and replicate it on both versions as well as on the newly released 18.6.2.

I’ll keep you all posted on the thread that has been opened on this matter in the MacRumors Forums.
 
This is it? And what about the Silent TCC bypass and data extraction identified in 18.6?

I don’t want to fall into conspiracy theories but… this looks a bit like a backdoor, honestly. Dang, now I don’t know what to do, whether to stay at 18.1 or accept this behaviour introduced in 18.6

Seriously? People bitch that the operating system has access to your data?
If you don't want the OS to have access to your reminders, then write them on a piece of paper.
 
Even the CIA uses Apple devices in their operations.
Do you really think they use it to transmit top secret data? Who knows though, because apparently we use Signal to transmit military information, so what do I know 😂


And if you are still worried about such exploits you shouldn’t be on the internet with consumer level hardware and software.
I don’t think this is a fair statement. Everyone worries about privacy and security. Do I think the average person is generally a target of governments? No, but that could change at the flip of a switch. If someone in the government doesn’t like your opinion about something then all of a sudden you’re on a list.
 
The behaviour was observed in iOS 18.6, but there’s nothing to suggest it was introduced only in iOS 18.6. In all likelihood, earlier versions have the same issue.
Indeed. There is an iPadOS 17 patch as well. On the macOS side, in addition to the 15.6.1 update, the patch is going as far back as Ventura.
 
I wonder if beta releases get security updates as quickly? I suspect if someone really needed high security, they wouldn’t be using a beta version of the OS.
Needing high security and having the ability to appreciate that beta versions imply risks do not necessarily go hand in hand with each other.
 
Note: the below is NOT related to the topic directly, only follow-up to some crazy discussion that happened in this thread. The bug fixed in the topic is real and important. Update your OS.

Bogus report from a bogus researcher.
I looked at their other repos; the Bluetooth one in particular is hilarious.

I'm guessing they got laughed out of the metaphorical room if they actually sent reports of that to Apple's Security Research Team. They are interpreting flags as carrying location metadata and provide zero evidence of exfiltration or the data itself.

Anyone staying on old versions because they think they have increased security is completely delusional.

edit: added a post of theirs in a Reddit thread for entertainment value and to calm down the one person in this thread that thinks they should stay on old versions. The AirPlay vulnerability mentioned is precisely why you don't stay on old versions because you think you know better than Apple. 18.1 is vulnerable to it.

This is like those tinfoil hat / mentally ill people who read stack traces without understanding them and assume they are being targeted by Nation States.

The Audio bug they mentioned was valid but another researcher has a full write-up about it and this person only posted about it after Apple fixed it and didn't release any source code so who knows if they actually discovered it or were just trying to build clout. Here's a good blog post that details that bug (which the GitHub repo by this jackass doesn't mention, I wonder why): https://blog.noahhw.dev/posts/cve-2025-31200/
 

Whatever happened with the Rapid Security Response system Apple implemented a few years back? The only time I can ever remember it being used was when Apple pushed out a test of the system. I wonder if it just never worked properly, and has basically been abandoned?
 
My iPhone 16 is stuck after the update. I can unlock and use Siri but when I press on icons nothing happens. I can long press and re-arrange icons but they don't actually re-arrange. On the lock screen, flashlight and photos work but once in, pressing on anything doesn't work. I can't restart the phone either. Vol up/down and power don't do anything but Siri does work.

Edit: Used Siri to restart the phone, seems to be working normally now.
 
After the upgrade, my MBP 16 M2 keyboard fully stopped working! Only the power button works, nothing else! Also the trackpad doesn't click anymore and I get MTP Panic crashes.

Diagnosis shows PPP020, NDR008 and NDK001.

Anyone else have problems?
 
This is it? And what about the Silent TCC bypass and data extraction identified in 18.6?

I don’t want to fall into conspiracy theories but… this looks a bit like a backdoor, honestly. Dang, now I don’t know what to do, whether to stay at 18.1 or accept this behaviour introduced in 18.6
There have been over 200 published CVEs since 18.1 was released. Lose the tin foil hat and patch your vulnerable device.
 
You can’t not open any image if you use a browser. Or open any image in the Photos app. Or take any photos. Well, I suppose the last one is relatively safe.
I think it’s just if you open an image in your browser or email or things like that lol
 
Smooth sailing for my 14 and iPad mini. East Coast Mid-Atlantic. I shall wait on Macs as I have a FTime meeting and don't want to break that.
 