Apple backports patch to older kit after 0-day exploitation
Apple backported an ImageIO out-of-bounds write fix to older iPhones and iPads after evidence of exploitation in extremely sophisticated attacks possibly tied to commercial surveillanceware.
Apple iOS update fixes new iPhone zero-day flaw | Computer Weekly
A zero-day in Apple's ImageIO enables zero-click image-based memory-corruption exploits; iOS/iPadOS 18.6.2 adds improved bounds checking to mitigate active exploitation.