Apple has issued emergency updates to patch another zero-day vulnerability, which was exploited in a “highly sophisticated attack”.
Tracked as CVE-2025-43300, this security flaw is caused by an out-of-bounds write weakness in the Image I/O framework, which enables applications to read and write most image file formats. It was discovered by security researchers.
An out-of-bounds write occurs when attackers successfully exploit such weaknesses by supplying input to a program that causes it to write data outside the allocated memory buffer, which can corrupt data or, in the worst case, allow remote code execution.
“Apple knows about a report that the issue may have been exploited in a highly sophisticated attack against specific target persons,” the company revealed in a security advisory issued on Wednesday.
“An out-of-bounds write issue was addressed with a better limit check. Processing a malicious image file can lead to memory corruption.”
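As an added illustration (not Apple's code and not the actual Image I/O flaw, whose details are unpublished), the C example below decodes a toy run-length pixel format constructed for this example and shows the kind of bounds check that stops an attacker-controlled length from writing past a buffer. The format and the function name `rle_decode` are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy run-length format (constructed for this example, not a real image
 * format): a sequence of (count, value) byte pairs that expand into pixels. */

/* Decode src into dst. Returns the number of pixels written, or -1 if the
 * input is truncated or a run would write past the end of dst. */
long rle_decode(const uint8_t *src, size_t src_len,
                uint8_t *dst, size_t dst_cap)
{
    size_t out = 0;

    if (src_len % 2 != 0)
        return -1;                      /* truncated (count, value) pair */

    for (size_t i = 0; i < src_len; i += 2) {
        size_t count = src[i];
        uint8_t value = src[i + 1];

        /* The bounds check: compare the run against the space that is left.
         * Written as a subtraction so it cannot overflow, unlike
         * `out + count > dst_cap`. Without this test, a count taken from
         * the file makes the loop below write outside dst. */
        if (count > dst_cap - out)
            return -1;

        for (size_t j = 0; j < count; j++)
            dst[out++] = value;
    }
    return (long)out;
}

int main(void)
{
    /* Constructed inputs: the first fits an 8-pixel buffer, the second
     * declares a 200-pixel run that does not. */
    const uint8_t ok[]  = { 3, 0xAA, 5, 0xBB };
    const uint8_t bad[] = { 3, 0xAA, 200, 0xBB };
    uint8_t pixels[8];

    printf("ok:  %ld\n", rle_decode(ok, sizeof ok, pixels, sizeof pixels));
    printf("bad: %ld\n", rle_decode(bad, sizeof bad, pixels, sizeof pixels));
    return 0;
}
```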
Apple has addressed the issue with improved bounds checking to prevent exploitation in iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8.
The list of devices affected by this zero-day vulnerability is extensive, as the bug affects both older and newer models, including:
- iPhone XS and later,
- iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later, iPad Pro 10.9-inch, and 12-inch, iPad Pro 10.5-inch, and Got generation,
- and Macs running macOS Sequoia, Sonoma, and Ventura.
The company has yet to credit one of its researchers and has not yet published details about the attacks it described as “extremely sophisticated”.
Although this flaw has only been exploited in highly targeted attacks, users are strongly advised to install today’s security updates to prevent any possible ongoing attacks.
With this vulnerability, Apple has fixed a total of six zero-days exploited in the wild since the beginning of the year: the first in January (CVE-2025-24085), the second in February (CVE-2025-24200), a third in March (CVE-2025-24201), and two in April (including CVE-2025-31200).
In 2024, the company patched six other actively exploited zero-days: one in January, two in March, a fourth in May, and two in November.