Apple patches zero-day CVE-2025-43300 after highly targeted attack, urges immediate updates

Apple on Tuesday patched CVE-2025-43300, a zero-day vulnerability described by authorities as having been exploited in an extremely sophisticated attack against specific targeted individuals. The company said the flaw has been remedied across its iOS, iPadOS and macOS platforms.

The flaw, identified as an out-of-bounds write vulnerability, could be triggered by processing a malicious image file and may lead to memory corruption, according to technical disclosures accompanying the patch.

The vulnerability affects Apple’s Image I/O framework, which is used by both iOS and macOS for image processing.

Apple has issued fixes in the following updates:

Apple said the vulnerability was identified internally by its security teams, and that the attacks appeared targeted. It did not disclose who was exploiting the flaw or for what purpose, but the company emphasized that all users should upgrade as soon as possible to reduce risk.

Experts emphasized that while the incidents appear limited to targeted individuals, the broad guidance remains the same: install the latest updates to curb exploitation opportunities and maintain up-to-date protections across devices.