304/68 Friday, August 22, 2025
Apple has released security updates to address a zero-day vulnerability, tracked as CVE-2025-43300, affecting iOS, iPadOS, and macOS. The flaw was reportedly exploited in targeted attacks. The vulnerability resides in the ImageIO framework and could lead to memory corruption when the system processes a specially crafted image.
According to Apple, this vulnerability was used in highly sophisticated attacks targeting specific individuals. The company confirmed that the issue has been resolved by implementing improved bounds checking to prevent memory access errors.
Affected Devices and Fixed Versions
The following devices and systems have received the security patch:
- iOS 18.6.2 / iPadOS 18.6.2
- iPhone XS and later
- iPad Pro 13-inch
- iPad Pro 12.9-inch (3rd gen and later)
- iPad Pro 11-inch (1st gen and later)
- iPad Air (3rd gen and later)
- iPad (7th gen and later)
- iPad mini (5th gen and later)
- iPadOS 17.7.10
- iPad Pro 12.9-inch (2nd gen)
- iPad Pro 10.5-inch
- iPad (6th gen)
- macOS Ventura 13.7.8
- macOS Sonoma 14.7.8
- macOS Sequoia 15.6.1
Ongoing Threat and Apple’s Response
At this time, it is unclear who the attackers are or who the targets were, but Apple has confirmed that the zero-day has already been weaponized in real-world targeted campaigns.
This patch follows a series of zero-day fixes Apple has issued in 2025, including:
- CVE-2025-24085
- CVE-2025-24200
- CVE-2025-24201
- CVE-2025-31200
- CVE-2025-31201
- CVE-2025-43200
Additionally, just last month, Apple patched Safari zero-day CVE-2025-6558, which was previously exploited through Chrome according to reports by Google.
Source https://thehackernews.com/2025/08/apple-patches-cve-2025-43300-zero-day.html
