Apple has released emergency updates to patch another zero-day vulnerability that was exploited in an "extremely sophisticated attack."
Tracked as CVE-2025-43300, this security flaw is caused by an out-of-bounds write weakness discovered by Apple security researchers in the Image I/O framework, which enables applications to read and write most image file formats.
An out-of-bounds write occurs when attackers successfully exploit such vulnerabilities by supplying input to a program, causing it to write data outside the allocated memory buffer, which can lead to the program crashing, corrupting data, or, in the worst-case scenario, allowing remote code execution.
"Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals," the company revealed in security advisories issued on Wednesday.
"An out-of-bounds write issue was addressed with improved bounds checking. Processing a malicious image file may result in memory corruption."
Apple has addressed this issue with improved bounds checking to prevent exploitation in iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8.
The complete list of devices impacted by this zero-day vulnerability is extensive, as the bug impacts both older and newer models, including:
iPhone XS and later,
iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later, iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation,
and Macs running macOS Sequoia, Sonoma, and Ventura.
... continue reading