Apple on Wednesday rushed security updates across its mobile and desktop operating systems to resolve a zero-day vulnerability exploited in highly targeted attacks.
Tracked as CVE-2025-43300, the security defect is described as an out-of-bounds write bug affecting the ImageIO framework used in iOS, iPadOS, and macOS products.
“Processing a malicious image file may result in memory corruption,” Apple explains in its advisory, noting that improved bounds checking was implemented to address the flaw.
The Cupertino-based tech giant also noted that the vulnerability was exploited in the wild, but refrained from providing specific information on the observed attacks.
“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,” the bare-bones advisory reads.
The company’s wording suggests that the vulnerability might have been exploited by a commercial spyware vendor.
According to the advisory, CVE-2025-43300 was discovered internally by Apple, which means that details on the bug and its exploitation might not be published soon.
Patches for the security hole were included in iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8.
Although Apple says the flaw was exploited in highly targeted attacks, all users are advised to update their devices as soon as possible. More information can be found on the Apple security releases page.
The tech company kicked off 2025 with patches for an iOS zero-day, and released patches for other exploited flaws in February, March, and April. In late July, it resolved a Safari vulnerability that had been exploited against Chrome users.