Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks

What’s new: Apple has released security updates to address CVE-2025-43300, a zero-day vulnerability in the ImageIO framework affecting iOS, iPadOS, and macOS. This out-of-bounds write vulnerability can lead to memory corruption when a malicious image is processed, and it has been actively exploited in targeted attacks. The issue was discovered internally and has been fixed with improved bounds checking.

Who’s affected

The vulnerability affects the following versions:
– iOS 18.6.2 and iPadOS 18.6.2 for iPhone XS and later, iPad Pro 13-inch and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
– iPadOS 17.7.10 for iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation.
– macOS Ventura 13.7.8 for Macs running macOS Ventura.
– macOS Sonoma 14.7.8 for Macs running macOS Sonoma.
– macOS Sequoia 15.6.1 for Macs running macOS Sequoia.

What to do

  • Update affected devices to the latest versions of iOS, iPadOS, and macOS as soon as possible to mitigate the risk of exploitation.
