
Apple has released urgent security updates to address a new zero-day vulnerability exploited in targeted attacks, affecting its mobile and desktop operating systems.
The flaw, tracked as CVE-2025-43300, resides in the Image I/O framework and may allow attackers to compromise devices by tricking victims into opening a specially crafted image file.
The issue was fixed with the release of iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8. Apple has acknowledged that the flaw was actively exploited in what it described as an “extremely sophisticated attack against specific targeted individuals.” The company did not disclose the identity of the targets or the nature of the campaign, following its standard practice of withholding technical and tactical details until users are broadly protected.
The vulnerability affects Apple’s Image I/O framework, a system-level component responsible for parsing and handling image data across the entire operating system. This includes image previews, embedded media in messaging apps, and content displayed in browsers or third-party applications. The flaw stems from an out-of-bounds write issue. Specifically, the software failed to correctly verify memory boundaries while processing image data, allowing attackers to potentially corrupt memory and execute arbitrary code.
By crafting a malicious image file that exploits this flaw, attackers could trigger memory corruption on a victim’s device simply by getting them to view or open the file. In practical terms, this could lead to device compromise, allowing threat actors to spy on users, steal data, or install further malware, though Apple has not confirmed what the attackers were able to achieve in this particular campaign.
The vulnerability impacts a wide range of Apple devices, including iPhone XS and later models, multiple generations of iPad Pro, iPad Air, standard iPads, and iPad mini devices. On the desktop side, macOS Sequoia, Sonoma, and Ventura are all affected, highlighting the broad reach of the flaw across the Apple ecosystem.
This marks the sixth zero-day vulnerability exploited in the wild and patched by Apple so far in 2025. Previous zero-days include CVE-2025-24085 (January), CVE-2025-24200 (February), CVE-2025-24201 (March), and two in April, CVE-2025-31200 and CVE-2025-31201.
Users are strongly advised to install the latest updates immediately to ensure they are protected. Those using older OS versions should verify whether their device is eligible for a security update. In general, avoid opening images or attachments from unknown sources, especially when received via messaging platforms, email, or social media.
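For anyone triaging more than one device, the fixed releases named in this article can be turned into a version check. The script below is an added example, not code from Apple or from the original article; the inventory rows and hostnames are constructed, and `parse_version`, `classify` and `audit` are hypothetical helper names. Branches the article lists no fix for are reported as `unlisted` so they can be checked against Apple's security pages by hand.

```python
# Added example: flag devices still below the CVE-2025-43300 fix for their OS branch.
# Fixed releases are the ones named in the article, keyed by (platform, major version).
FIXED = {
    ("iOS", 18): (18, 6, 2),
    ("iPadOS", 18): (18, 6, 2),
    ("iPadOS", 17): (17, 7, 10),
    ("macOS", 15): (15, 6, 1),   # Sequoia
    ("macOS", 14): (14, 7, 8),   # Sonoma
    ("macOS", 13): (13, 7, 8),   # Ventura
}

def parse_version(text):
    """Turn '15.6' or '17.7.10' into a 3-tuple of ints, padding with zeros."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def classify(platform, version):
    """Return 'patched', 'needs-update', or 'unlisted' for one device."""
    v = parse_version(version)
    fixed = FIXED.get((platform, v[0]))
    if fixed is None:
        # The article names no fixed release for this branch.
        return "unlisted"
    # Tuple comparison is numeric, so 17.7.9 < 17.7.10 (a string compare gets this wrong).
    return "patched" if v >= fixed else "needs-update"

def audit(inventory):
    """Classify every (host, platform, version) row of an inventory."""
    return [(host, plat, ver, classify(plat, ver)) for host, plat, ver in inventory]

# Constructed sample inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = [
    ("mbp-design-01", "macOS", "15.6"),
    ("mbp-design-02", "macOS", "15.6.1"),
    ("imac-lobby", "macOS", "12.7.6"),
    ("ipad-kiosk-3", "iPadOS", "17.7.9"),
    ("iphone-exec-7", "iOS", "18.6.2"),
]

if __name__ == "__main__":
    for host, plat, ver, status in audit(SAMPLE_INVENTORY):
        print(f"{host:15} {plat:7} {ver:8} {status}")
```

On a Mac, the version string to feed in is the output of `sw_vers -productVersion`.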