Apple Addresses Critical Zero-Day Vulnerability (CVE-2025-43300) Targeted in Highly Sophisticated Cyber Attack

Apple has addressed a critical vulnerability, identified as CVE-2025-43300, which was reportedly exploited as a zero-day in a highly sophisticated attack targeting specific individuals. This vulnerability is classified as an out-of-bounds write issue that can occur when a vulnerable device processes a malicious image file, resulting in memory corruption that can be exploited. The flaw affects the Image I/O framework utilised by Apple’s iOS and macOS operating systems. To mitigate this risk, Apple has implemented improved bounds checking in the latest updates, including iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8.

While Apple has discovered the vulnerability, details regarding the entities leveraging it and their intentions remain unclear. The attacks appear to have been directed at specific individuals, suggesting a potential aim of delivering spyware. Despite the targeted nature of these attacks, it is advisable for all users to promptly upgrade their iDevices to ensure their security. Staying informed about the latest breaches, vulnerabilities, and cybersecurity threats is crucial, and users are encouraged to subscribe to breaking news alerts for timely updates. 

Categories: Cybersecurity, Vulnerabilities, Software Updates 

Tags: CVE-2025-43300, Vulnerability, Zero-day, Exploit, Memory Corruption, Image I/O, iOS, macOS, Bounds Checking, Spyware