
Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks


Aug 21, 2025 | Ravie Lakshmanan | Vulnerability / Zero-Day


Apple has released security updates to address a security flaw impacting iOS, iPadOS, and macOS that it said has come under active exploitation in the wild.

The zero-day out-of-bounds write vulnerability, tracked as CVE-2025-43300 (CVSS score: 8.8), resides in the ImageIO framework and could result in memory corruption when processing a malicious image.

“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,” the company said in an advisory.

The iPhone maker said the bug was internally discovered and that it was addressed with improved bounds checking. The following versions address the security defect:

  • iOS 18.6.2 and iPadOS 18.6.2 – iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • iPadOS 17.7.10 – iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
  • macOS Ventura 13.7.8 – Macs running macOS Ventura
  • macOS Sonoma 14.7.8 – Macs running macOS Sonoma
  • macOS Sequoia 15.6.1 – Macs running macOS Sequoia
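
For fleet triage against the fixed versions listed above, the following is an added example (not from Apple or from the original article) that flags devices still below the patched build for their OS branch. The inventory format, host names and status labels are assumptions made for illustration; only the version numbers come from the list.

```python
# Fixed versions per (OS, major branch), taken from the list in the article.
FIXED = {
    ("iOS", 18): (18, 6, 2),
    ("iPadOS", 18): (18, 6, 2),
    ("iPadOS", 17): (17, 7, 10),
    ("macOS", 13): (13, 7, 8),
    ("macOS", 14): (14, 7, 8),
    ("macOS", 15): (15, 6, 1),
}

def parse_version(text):
    """Turn '15.6' or '17.7.10' into a 3-tuple of ints, padding with zeros."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def assess(os_name, version_text):
    """Classify one device against the fixed version for its branch."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparseable"
    fixed = FIXED.get((os_name, version[0]))
    if fixed is None:
        # Branch is not in the article's list: review by hand.
        return "unlisted"
    # Tuple comparison is numeric, so 17.7.10 correctly sorts after 17.7.9
    # (a plain string comparison would get this wrong).
    return "patched" if version >= fixed else "needs-update"

def audit(inventory_csv):
    """Map each host in 'host, os, version' lines to its status."""
    results = {}
    for line in inventory_csv.strip().splitlines():
        host, os_name, version_text = [f.strip() for f in line.split(",")]
        results[host] = assess(os_name, version_text)
    return results

# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE_INVENTORY = """
mac-fin-01, macOS, 15.6
mac-eng-02, macOS, 15.6.1
mac-lab-03, macOS, 12.7.6
ipad-kiosk-04, iPadOS, 17.7.9
ipad-kiosk-05, iPadOS, 17.7.10
iphone-exec-06, iOS, 18.6.1
mac-old-07, macOS, 13.x
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:16} {status}")
```

Hosts reported as `unlisted` run a branch for which the list above names no fixed version, so they need a manual decision rather than an automatic pass.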

It's currently not known who is behind the attacks and who may have been targeted, but it's likely that the vulnerability has been weaponised as part of highly targeted attacks.

With the latest update, Apple has so far fixed a total of seven zero-days that have been abused in real-world attacks since the start of the year: CVE-2025-24085, CVE-2025-24200, CVE-2025-24201, CVE-2025-31200, CVE-2025-31201, and CVE-2025-43200.

Last month, the company also issued patches for a Safari vulnerability residing in an open-source component (CVE-2025-6558) that Google reported as having been exploited as a zero-day in the Chrome web browser.
