Aug 21, 2025Ravie LakshmananVulnerability / Zero-Day
Apple has launched safety updates to deal with a safety flaw impacting iOS, iPadOS, and macOS that it stated has come underneath energetic exploitation within the wild.
The zero-day out-of-bounds write vulnerability, tracked as CVE-2025-43300, resides within the ImageIO framework that might end in reminiscence corruption when processing a malicious picture.
“Apple is conscious of a report that this concern might have been exploited in an especially subtle assault towards particular focused people,” the corporate stated in an advisory.
The iPhone maker stated the bug was internally found and that it was addressed with improved bounds checking. The next variations tackle the safety defect –
iOS 18.6.2 and iPadOS 18.6.2 – iPhone XS and later, iPad Professional 13-inch, iPad Professional 12.9-inch third era and later, iPad Professional 11-inch 1st era and later, iPad Air third era and later, iPad seventh era and later, and iPad mini fifth era and later
iPadOS 17.7.10 – iPad Professional 12.9-inch 2nd era, iPad Professional 10.5-inch, and iPad sixth era
macOS Ventura 13.7.8 – Macs operating macOS Ventura
macOS Sonoma 14.7.8 – Macs operating macOS Sonoma
macOS Sequoia 15.6.1 – Macs operating macOS Sequoia
It is presently not identified who’s behind the assaults and who might have been focused, but it surely’s possible that the vulnerability has been weaponised as a part of extremely focused assaults.
With the newest replace, Apple has thus far mounted a complete of seven zero-days which were abused in real-world assaults for the reason that begin of the yr: CVE-2025-24085, CVE-2025-24200, CVE-2025-24201, CVE-2025-31200, CVE-2025-31201, and CVE-2025-43200.
Final month, the corporate additionally issued patches for a Safari vulnerability residing in an open-source element (CVE-2025-6558) that Google reported as having been exploited as a zero-day within the Chrome net browser.
