Update Now: iOS 18.6.2 and macOS Sequoia 15.6.1 Fix Actively Exploited Vulnerability

[jz0309]

Is it safe to upgrade to Sequoia yet or should I wait until Tarhoe?

You should wait at least until macOS 28 is released...it's never safe to upgrade

 

[Shirasaki]

Edit: Used siri to restart the phone, seems to be working normally now.

First time I see someone using Siri to restart the phone. If your situation happens on me the only thing I can do is leaving the phone aside until battery runs dry before trying to restart as I have disabled Siri entirely.

 

[SpotOnT]

Maybe this is what the patch fixes? I mean, if there was going to be a backdoor, it’s already there by now.

I’m pretty sure the five eyes have a backdoor into iOS. Before anyone loses their mind, that’s just my opinion and obviously I have no evidence.

If the government had a backdoor to iOS, you just know the current administration in the White House would be using that nonstop in extremely evident ways.

It makes me think such a backdoor likely does not exist. My guess is more that governments have the ability to hack a specific targets iPhone if they want to (example Pegasus), but it is a time consuming and costly task, so rarely used.

 

[Little Boy Blue]

I just installed it. now my external USB-C monitor (LG) does't connect.

Fan-Bloody-Tastic!

 

[jchap]

I'd love to hear more details... what image file type is so complicated that it can be used as an attack vector?

Apple removed Flash because it was deemed to have too many security issues.

PDF seems complicated enough, but I wouldn't refer to it as an image file.

Maybe SVG?

As I understand it, Apple didn't "remove" Flash—they just didn't provide Flash support on iOS devices. I don't remember if they ever explicitly blocked Flash on iOS per se—maybe someone else here remembers it better.

Flash has always (?) been possible to use on macOS computers, provided you install the necessary plug-in from Adobe.

(Edit: Apple did add Flash Player to their malware recognition on macOS, according to this HowToGeek article.)

Your question, "what image file type is so complicated that it can be used as an attack vector?" is a good one, though. I'm always surprised when I read about how security flaws are found in even the most benign of image file formats. Apparently it's not so much the file contents itself, as the way that the image interpreter processes it. Those who want to hack into the image file formats need to know how the graphics are processed, and then they exploit weaknesses in the processing code. Pretty amazing stuff, and it really is a shock to think that even image formats can be compromised with the right bit of knowledge and in certain situations.

 

[AppleTO]

Could this not have been a “Security Response” update? Are those even a thing anymore?

 

[racerhomie]

Do you really think they use it to transmit top secret data? Who knows though because apparently we use signal to transmit military information so what do I know 😂



I don’t think this is a fair statement. Everyone worries about privacy and security. Do I think the average person is generally a target of governments? No, but that could change at the flip of switch. If someone in the government doesn’t like your opinion about something then all of a sudden you’re on a list.

You would be surprised about some of the data storage policies. Electronic devices like SSDs with encryption have changed the game a lot the last 15 years

 

[Shirasaki]

If the government had a backdoor to iOS, you just know the current administration in the White House would be using that nonstop in extremely evident ways.

Would they? Do you really think government would just let you know? I know stupid people are everywhere but there are smart ones trying to safeguard stupidity as much as possible.

I just installed it. now my external USB-C monitor (LG) does't connect.

Fan-Bloody-Tastic!

Your external monitor is now unsafe to use according to Apple.

Pretty amazing stuff, and it really is a shock to think that even image formats can be compromised with the right bit of knowledge and in certain situations.

Those image formats may be benign on the surface, but underneath they are quite complex nowadays. Even JPEG has JPEG-XL format apparently for higher resolution images. On the other hand, it is nearly impossible to safeguard everything from the beginning. It could also be just some lazy coding here and there that causes the problems. It is quite scary really.

You would be surprised about some of the data storage policies. Electronic devices like SSDs with encryption have changed the game a lot the last 15 years

Still, no tech can safeguard stupidity. And this administration is full of it.

 

[SunMac]

Even the ClA uses Apple devices in their operations. No one talks about it. And even the teams in the electronics warfare division have a certain respect for Apple stuff, as it’s not as easy to break in certain aspects. Hardware and software working together. It’s very expensive, simply put. And if you are still worried about such exploits you shouldn’t be on the internet with consumer level hardware and software

But also they are the ones making the exploits for Apple devices. There's a reason some governments in other countries don't use Apple products.

Apple faces partial iPhone ban in China

The Chinese government plans to expand a ban on the use of iPhones to state firms and agencies.

www.euronews.com

[Exclusive] Korean military set to ban iPhones over 'security' concerns

South Korea’s military is considering a comprehensive ban on iPhones in military buildings due to increasing concerns about possible leaks of sensitiv

www.koreaherald.com

Смартфоны Apple запретили использовать в служебных целях. Какая мобильная экосистема может прийти им на смену? - Российская газета

Минцифры вводит запрет на использование смартфонов и планшетов Apple для доступа к рабочим приложениям и рабочей переписке, сообщил глава министерства Максут Шадаев. Такие же запреты уже ввели Минпромторг, Минтранс, Федеральная налоговая служба, ряд других ведомств и несколько крупных компаний...

rg.ru

01001111 01110000 01100101 01110010 01100001 01110100 01101001 01101111 01101110 00100000 01010100 01110010 01101001 01100001 01101110 01100111 01110101 01101100 01100001 01110100 01101001 01101111 01101110

 

[SpotOnT]

Would they? Do you really think government would just let you know? I know stupid people are everywhere but there are smart ones trying to safeguard stupidity as much as possible.

Yes, I understand the smart move would be to not reveal the fact…but that assumes the smart people have enough power to control the situation.

What I see in the US today, is a President who has taken over control of every part of government. I don’t think such a tool could be kept secret from his administration.

I also think the current administration would quickly use such a tool to target those they didn’t like and advance their political agenda, even at the cost of revealing the existence of such a tool.

 

[MacATDBB]

Well ... that completely wiped my Bash history. ~/.bash_history has size zero.

 

[thelion7]

Are these security fixes included in the macOS and iOS 26 betas?

Not sure but chances are if these fixes aren’t already in the latest 26 betas we’ll probs get them in the next batch of builds.