HEIC files are safe to open. They are standard image containers — essentially a wrapper around HEVC-compressed image data. They cannot contain executable code, scripts, or macros. Opening a HEIC file in any standard image viewer poses no security risk.
The format is defined by the ISO Base Media File Format (ISO/IEC 14496-12), the same family that includes MP4. Apple uses HEIC as the default photo format on every iPhone, which means billions of HEIC files are created and opened daily without incident.
That said, the general rules of file safety still apply. If someone sends you a file claiming to be a HEIC image but it has an unusual file size (a 500 MB "photo" should raise eyebrows) or came from an untrusted source, exercise normal caution. Verify the file extension matches the actual content — a file named photo.heic that's actually an executable is not a HEIC file.
One indirect risk: some users install third-party HEIC viewer software from untrusted sources, which could itself be malicious. Stick to the official Microsoft HEIF extensions, built-in macOS/iOS support, or reputable tools like fwip that process files locally in your browser.