Summary: Apple recently rolled out security patches to address a zero-day vulnerability that was likely exploited in attacks in the wild. Tracked as CVE-2025-43300, the flaw is an out-of-bounds write weakness in the Image I/O framework, which enables applications to read and write most image file formats. Such flaws occur when a program attempts to access or write data outside the allocated memory buffer. This, in turn, can lead to a program crash, data corruption, or even remote code execution, allowing actors to execute payloads on targeted devices.
Security Officer Comments: Apple says that it is aware of a report that CVE-2025-43300 may have been exploited in an extremely sophisticated attack against specific targeted individuals. However, as is the case with other zero-day flaws addressed by Apple, the details of exploitation have been limited. According to Sylvain Cortes, VP of strategy at Hackuity, CVE-2025-43300 could potentially open the door for ‘zero-click’ attacks, where a simple malicious message could let attackers run code without requiring user interaction. In the past, such exploits have been used to target government officials, journalists, and other high-value targets in spyware campaigns, highlighting the potential for similar attacks.
Suggested Corrections: CVE-2025-43300 impacts macOS Ventura before version 13.7, macOS Sonoma before version 14.7, macOS Sequoia before version 15.6, iOS before 18.6 and iPadOS before 17.7 and 18.6. The flaw has since been addressed with improved bounds checking in the following versions:
- iOS 18.6.2 and iPadOS 18.6.2 - iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
- iPadOS 17.7.10 - iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
- macOS Ventura 13.7.8 - Macs running macOS Ventura
- macOS Sonoma 14.7.8 - Macs running macOS Sonoma
- macOS Sequoia 15.6.1 - Macs running macOS Sequoia
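
To check a device inventory against the fixed releases listed above, the following is an added example, not code from Apple or from the source article. The CSV layout, host names, and function names are assumptions; the version numbers are the ones in the list.

```python
import csv
import io

# Fixed releases exactly as listed in the advisory, keyed by (platform, major).
FIXED = {
    ("iOS", 18): (18, 6, 2),
    ("iPadOS", 18): (18, 6, 2),
    ("iPadOS", 17): (17, 7, 10),
    ("macOS", 13): (13, 7, 8),
    ("macOS", 14): (14, 7, 8),
    ("macOS", 15): (15, 6, 1),
}

def parse_version(text):
    """'15.6' -> (15, 6, 0); numeric tuples so 17.7.10 sorts above 17.7.9."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))[:3]

def assess(platform, version):
    """Return 'patched', 'vulnerable', or 'unlisted' (branch not in the advisory)."""
    v = parse_version(version)
    fixed = FIXED.get((platform.strip(), v[0]))
    if fixed is None:
        return "unlisted"  # no fixed release named for this branch: review by hand
    return "patched" if v >= fixed else "vulnerable"

def audit(inventory_csv):
    """Map each host in a 'host,platform,version' CSV export to its status."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["host"]: assess(row["platform"], row["version"]) for row in reader}

# Constructed sample inventory (hypothetical hosts, not real data).
SAMPLE = """host,platform,version
mac-fin-01,macOS,15.6
mac-eng-07,macOS,15.6.1
mac-lab-02,macOS,12.7.6
ipad-kiosk-3,iPadOS,17.7.9
ipad-exec-1,iPadOS,17.7.10
iphone-ceo,iOS,18.6.2
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host:14} {status}")
```

Hosts reported as `unlisted` run a major version for which the list names no fixed release, so they need a manual decision rather than an automatic pass.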
Link(s): https://www.infosecurity-magazine.com/news/apple-patch-likely-exploited-zero/