Apple Addresses New Zero-Day Vulnerability Targeted in Specific Attacks

Apple has released emergency updates to address a critical zero-day vulnerability, tracked as CVE-2025-43300, which was exploited in an “extremely sophisticated attack.” This security flaw stems from an out-of-bounds write weakness identified by Apple security researchers within the Image I/O framework, which allows applications to read and write various image file formats. An out-of-bounds write occurs when attackers manipulate a program to write data outside its allocated memory buffer, potentially leading to program crashes, data corruption, or even remote code execution. Apple acknowledged reports of this vulnerability being exploited against specific targeted individuals and has implemented improved bounds checking to mitigate the risk. The updates are available for iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8.

The vulnerability affects a wide range of devices, including iPhone XS and later models, various iPad Pro models, iPad Air 3rd generation and later, iPad 7th generation and later, and Macs running the affected macOS versions. While the flaw is likely to be exploited in highly targeted attacks, Apple strongly advises users to promptly install the latest security updates to safeguard against potential threats. This incident marks the sixth zero-day vulnerability that Apple has patched this year, following previous vulnerabilities addressed in January, February, March, and April. In 2024, Apple has also resolved six other actively exploited zero-days. The Picus Blue Report 2025 offers further insights into trends in prevention, detection, and data exfiltration. 

Categories: Cybersecurity, Software Vulnerabilities, Device Updates 

Tags: Apple, Zero-Day, Vulnerability, Out-of-Bounds, Security, Image I/O, Exploitation, Memory Corruption, iOS, macOS