Apple Patches Zero-Day Exploited in Targeted Attacks

Apple Patches Zero-Day Exploited in Targeted Attacks

Posted on By CWS

Apple on Wednesday rushed safety updates throughout its cellular and desktop working programs to resolve a zero-day vulnerability exploited in extremely focused assaults.

Tracked as CVE-2025-43300, the safety defect is described as an out-of-bounds write bug affecting the ImageIO framework utilized in iOS, iPadOS, and macOS merchandise.

“Processing a malicious picture file could end in reminiscence corruption,” Apple explains in its advisory, noting that improved bounds checking was carried out to deal with the flaw.

The Cupertino-based tech large additionally famous that the vulnerability was exploited within the wild, however shunned offering particular info on the noticed assaults.

“Apple is conscious of a report that this problem could have been exploited in an especially subtle assault in opposition to particular focused people,” the barebone advisory reads.

The corporate’s wording means that the vulnerability may need been exploited by a industrial adware vendor.

Based on the advisory, CVE-2025-43300 was found internally by Apple, which signifies that particulars on the bug and its exploitation may not be printed quickly.

Patches for the safety gap had been included in iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8.Commercial. Scroll to proceed studying.

Though Apple says the flaw was exploited in extremely focused assaults, all customers are suggested to replace their gadgets as quickly as potential. Extra info could be discovered on the Apple safety releases web page.

The tech firm kicked off 2025 with patches for an iOS zero-day, and launched patches for different exploited flaws in February, March, and April. In late July, it resolved a Safari vulnerability that had been exploited in opposition to Chrome customers.

Associated: Elastic Refutes Claims of Zero-Day in EDR Product

Associated: Picture-Stealing Adware Sneaks Into Apple App Retailer, Google Play

Associated: Apple Patches Main Safety Flaws in iOS, macOS Platforms

Associated: Gabbard Says UK Scraps Demand for Apple to Give Backdoor Entry to Knowledge

Security Week News Tags:, , , , ,

Related Posts

Canadian Electric Utility Says Power Meters Disrupted by Cyberattack Canadian Electric Utility Says Power Meters Disrupted by Cyberattack Security Week News
re:Invent 2025: AWS and Security Vendors Unveil New Products and Capabilities  re:Invent 2025: AWS and Security Vendors Unveil New Products and Capabilities  Security Week News
640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack 640 NPM Packages Infected in New ‘Shai-Hulud’ Supply Chain Attack Security Week News
Over 300,000 Individuals Impacted by Vitas Hospice Data Breach Over 300,000 Individuals Impacted by Vitas Hospice Data Breach Security Week News
Sharing Intelligence Beyond CTI Teams, Across Wider Functions and Departments Sharing Intelligence Beyond CTI Teams, Across Wider Functions and Departments Security Week News
Canadian Tire Data Breach Exposes Millions of Accounts Canadian Tire Data Breach Exposes Millions of Accounts Security Week News