Apple fixes new zero-day flaw exploited in targeted attacks
What’s new: Apple has released emergency updates to address a zero-day vulnerability tracked as CVE-2025-43300, which was exploited in targeted attacks. The flaw, caused by an out-of-bounds write issue in the Image I/O framework, could lead to memory corruption and potentially remote code execution. The vulnerability affects multiple versions of iOS, iPadOS, and macOS.
Who’s affected
The vulnerability impacts a wide range of devices, including iPhone XS and later, various iPad models (including iPad Pro, iPad Air, and iPad mini), and Macs running macOS Sequoia, Sonoma, and Ventura.
What to do
- Install the latest security updates for iOS (18.6.2), iPadOS (18.6.2, 17.7.10), and macOS (Sequoia 15.6.1, Sonoma 14.7.8, Ventura 13.7.8) immediately to mitigate the risk of exploitation.
