Apple addressed a vulnerability impacting iOS, iPadOS, and macOS that it is under active exploitation in the wild.
Apple addressed an actively exploited zero-day, tracked as CVE-2025-43300, in iOS, iPadOS, and macOS. The vulnerability is zero-day out-of-bounds write issue that resides in the ImageIO framework, an attacker could exploit it to cause memory corruption when processing a malicious image.
“Processing a malicious image file may result in memory corruption.” reads the advisory published by the tech giant. “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”
The company fixed the problem with improved bounds checking. Apple released the following updates to fix the issue:
- iOS 18.6.2 and iPadOS 18.6.2 – iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
- iPadOS 17.7.10 – iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
- macOS Ventura 13.7.8 – Mac systems running macOS Ventura
- macOS Sonoma 14.7.8 – Macs systems running macOS Sonoma
- macOS Sequoia 15.6.1 – Macs systems running macOS Sequoia
As usual, the company did not share technical details about the attacks exploiting this vulnerability.
Apple’s latest update brings the total to seven zero-days patched in 2025 that were exploited in real-world attacks.
The other zero-day vulnerabilities addressed this year are CVE-2025-24085, CVE-2025-24200, CVE-2025-24201, CVE-2025-31200, CVE-2025-31201, and CVE-2025-43200.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, CVE-2025-43300)