Apple fixes zero-day vulnerability exploited in "extremely sophisticated attack" (CVE-2025-43300)
helpnetsecurity.com 20.08.2025 - Apple has fixed yet another vulnerability (CVE-2025-43300) that has apparently been exploited as a zero-day in targeted attacks. CVE-2025-43300 is an out-of-bounds write issue that could be triggered by a vulnerable device processing a malicious image file, leading to exploitable memory corruption. The vulnerability affects the Image I/O framework used by Apple’s iOS and macOS operating systems. Apple has fixed this flaw with improved bounds checking in: iOS 18.6.2 and iPadOS 18.6.2 iPadOS 17.7.10 macOS Sequoia 15.6.1 macOS Sonoma 14.7.8 macOS Ventura 13.7.8 With Apple claiming the discovery of the vulnerability, it’s unlikely that we will soon find out who is/was leveraging it and for what. But even though these attacks were apparently limited to targeting specific individuals – which likely means that the goal was to delivery spyware – all users would do well to upgrade their iDevices as soon as possible.
