Apple has issued emergency updates to patch a zero-day vulnerability, CVE-2025-43300, which has been exploited in a sophisticated cyberattack targeting specific individuals. This flaw arises from an out-of-bounds write issue within the Image I/O framework, crucial for accessing various image file formats. Such vulnerabilities allow attackers to manipulate data processing, potentially leading to crashes, data corruption, and remote code execution.
Apple acknowledged reports of this vulnerability being used in targeted attacks and has implemented improved bounds checking to prevent exploitation through malicious image files. Updates are available for iOS 18.6.2, iPadOS 18.6.2 and 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8. Affected devices include iPhone XS and later, various iPad models, and Macs with supported macOS versions.
Though details of the attacks and researchers involved remain undisclosed, Apple urges users to install these critical updates promptly to mitigate risks. This is the sixth zero-day vulnerability Apple has addressed this year, with similar patches released since January. As cybersecurity threats grow, it is crucial for users to keep their devices updated to guard against potential exploits.
