Apple has released emergency security updates to fix a zero-day vulnerability that has been exploited in targeted attacks. The flaw, identified as CVE-2025-43300, resides in the Image I/O framework and affects both mobile and desktop operating systems. It could allow attackers to take control of a device by luring the user into opening a malicious image file. The root cause is an out-of-bounds write: the framework fails to properly verify memory boundaries while processing image data, which can lead to memory corruption and arbitrary code execution.
The vulnerability impacts a range of devices, including iPhone XS and newer models, various iPad versions, and macOS systems such as Sequoia, Sonoma, and Ventura. Apple has rolled out updates in iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8 to address the issue. The company noted that the flaw was actively exploited in a sophisticated attack targeting specific individuals, though details about the targets and the nature of the campaign remain undisclosed.
This is the sixth zero-day vulnerability Apple has patched in 2025. Users are strongly encouraged to update their devices immediately to protect against potential compromise. Users should also be cautious about opening images or attachments from unknown sources, particularly those received through messaging apps, email, or social media.
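For administrators checking a fleet against the fixed releases listed above, the following is an added example (not Apple's tooling or code from the original article). It compares versions numerically per release branch, so 17.7.9 is correctly treated as older than 17.7.10; the host names and inventory are constructed, and the `not_listed` status is an assumption for branches the article names no fix for.

```python
# Fixed releases per platform, copied from the article's list of updates.
FIXED = {
    "iOS": ["18.6.2"],
    "iPadOS": ["18.6.2", "17.7.10"],
    "macOS": ["15.6.1", "14.7.8", "13.7.8"],
}

def parse(version):
    """'17.7.10' -> (17, 7, 10); numeric so that 17.7.9 sorts before 17.7.10."""
    return tuple(int(part) for part in version.strip().split("."))

def status(platform, version):
    """Classify one device as 'patched', 'vulnerable' or 'not_listed'."""
    have = parse(version)
    # Index the fixed releases by major version: each branch has its own fix.
    branches = {parse(f)[0]: parse(f) for f in FIXED.get(platform, [])}
    fix = branches.get(have[0])
    if fix is None:
        # The article names no fixed release for this platform or branch.
        return "not_listed"
    # Pad to equal length so that '15.6.1' and '15.6.1.0' compare equal.
    width = max(len(have), len(fix))
    pad = lambda t: t + (0,) * (width - len(t))
    return "patched" if pad(have) >= pad(fix) else "vulnerable"

def needs_attention(inventory):
    """Return (host, status) for every device that is not confirmed patched."""
    flagged = []
    for host, platform, version in inventory:
        state = status(platform, version)
        if state != "patched":
            flagged.append((host, state))
    return flagged

# Constructed sample inventory (hypothetical hosts), not data from the article.
INVENTORY = [
    ("ipad-lobby", "iPadOS", "17.7.9"),
    ("ipad-exec", "iPadOS", "17.7.10"),
    ("mbp-dev-01", "macOS", "15.6"),
    ("mbp-dev-02", "macOS", "14.7.8"),
    ("iphone-old", "iOS", "17.7.2"),
    ("iphone-ceo", "iOS", "18.6.2"),
]

if __name__ == "__main__":
    for host, state in needs_attention(INVENTORY):
        print(f"{host}: {state}")
```

Devices reported as `not_listed` run a branch for which the article gives no fixed release and need manual review.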

