Apple is urging all of their 1.8 billion iPhone users to install the company’s latest security upgrade now, before their personal information is stolen by hackers.

According to the tech giant, the iOS 18.5 update solves a critical issue that allows cybercriminals access to your photos, text messages, and private app data.

Apple said that the fix is available to anyone with an iPhone model XS or later. iPhone XS was released in 2018, so the security update will cover the vast majority of Apple customers.

Released on May 12, iOS 18.5 specifically addresses several new Common Vulnerabilities and Exposures (CVEs) which can give criminals a way to infect iPhones with malware.

Two of these CVEs, CVE-2025-31251 and CVE-2025-31233, cause problems if someone opens a specially designed image or video.

Apple explained that these ‘maliciously crafted’ files could make an app crash unexpectedly or mess up the phone’s memory, potentially causing glitches or security risks.

The iOS 18.5 update will block this entry point for hackers by adding better checks to prevent harmful files from causing trouble.

However, the biggest issue now is making sure every iPhone user uploads this new security patch before it’s too late, something tech experts say is easier said than done.

Apple has just released a new security patch for all iPhones after model XS, iOS 18.5, which is designed to fix several vulnerabilities that allow hackers to gain access to pictures, passwords, and crash the device's apps

Apple has just released a new security patch for all iPhones after model XS, iOS 18.5, which is designed to fix several vulnerabilities that allow hackers to gain access to pictures, passwords, and crash the device’s apps

Experts at cloud backup and data protection company Safe Data Storage said that there’s a common belief that iPhones are ‘immune’ to things like malware, but the truth is no device is safe from hacking.

‘If someone sends you a seemingly innocent image and your phone hasn’t been updated, it could silently wreak havoc or grant intruders access to your private files,’ a representative from Safe Data Storage told The Mirror.

Apple moved quickly to get this fix ready once the CVEs were discovered in early 2025, but Safe Data Storage said it’s now up to over a billion individual users to get iOS 18.5 into their devices.

‘Tell your parents, your grandparents, your neighbor — anyone with an iPhone. These updates aren’t optional anymore — they’re your first line of defense,’ the representative continued.

As for how these devastating new attacks work, CVEs are essentially weak spots in the iPhone’s software that handles media files.

When an iPhone processes an image or video, it expects the file to follow certain rules.

However, a hacker can create a file that breaks these rules in a specific way, tricking the iPhone into making an error. This error can cause your apps to crash. 

Even worse, they can allow the hacker to run harmful code (malware) by exploiting the corrupted memory.

Hackers typically use these vulnerabilities as part of a larger attack, often through phishing emails or malicious websites which send out fake messages or trick people into clicking on harmful downloads.

These weak points in the iPhones allow hackers to send an image corrupted with malware to a user's iPhone. Once it's been opened, the program quietly takes over the device and shares its info with the hacker

These weak points in the iPhones allow hackers to send an image corrupted with malware to a user’s iPhone. Once it’s been opened, the program quietly takes over the device and shares its info with the hacker

Once the hacker’s code runs, the malware can cause several problems, including accessing photos, messages, contacts, or passwords stored on the victim’s iPhone.

Hackers can also remotely control things like the phone’s camera, microphone, and apps without the user ever knowing something is wrong.

For people who have a phone they use specifically for work, a hacked iPhone can help a hacker gain access to other devices linked through a corporate network such as a tech company, a bank, or a healthcare organization.

Even though your phone hasn’t been physically stolen, the malware copies data (like photos, emails, or login passwords) and sends it to the hacker’s server over the internet.

This program can also install a backdoor, letting the hacker keep accessing your phone after the initial attack ends.

Even after iPhone users install iOS 18.5, Apple and cybersecurity experts urge people to avoid opening any suspicious links or attachments they receive.

James Knight, who has 25 years of experience in the field of digital security, said people need to have a spam filter active on their accounts to block phishing emails.

The cyber warfare expert added that being on top of the latest security updates for your devices is crucial for staying ahead of new hacking schemes. 

‘Update the phone, update the laptop, even update your smart fridge, patch everything,’ Knight told the Daily Mail.

‘Update regularly, your browser and your software. That’s really, really key.’

***
Read more at DailyMail.co.uk