A Single Photo Can Hijack Your Apple Device: Inside a Critical 0-Click Exploit
CVE-2025-43300, a recently patched vulnerability in Apple's image-parsing stack, is one of the more serious bugs the company's users have faced. The flaw sits in RawCamera.bundle, the component that handles Adobe's Digital Negative (DNG) raw-image format. The defect is in the implementation of the JPEG Lossless decompressor and results in an out-of-bounds memory write. Apple states that it is aware of a report that the issue was exploited in an extremely sophisticated attack against specific targeted individuals.
The vulnerability affects iOS, iPadOS and macOS. Apple fixed it in iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8 and macOS Ventura 13.7.8; releases before those versions are unpatched. What makes the flaw particularly dangerous is that it enables arbitrary code execution without any user interaction. A victim need only receive a malicious file, for instance as an iMessage attachment: the image is parsed automatically when the message is processed, so no tap or open is required. Exploits of this class, known as "0-click" attacks, run instantly and invisibly.
Security researcher Matt Suiche explained that the core of the problem is a discrepancy between the metadata and the actual image content. A crafted DNG can declare in its SubIFD that each pixel carries two channels (SamplesPerPixel = 2) while the embedded JPEG Lossless stream declares only a single component (Nf = 1 in the SOF3 frame header). The decompressor, processing the stream according to the declared layout, writes past the end of its buffer and corrupts adjacent memory. An out-of-bounds write of this kind is the primitive on which an attacker builds code execution.
DNG is built on the TIFF container: a header, a chain of image file directories (IFDs), and subordinate SubIFDs, one of which holds the raw image data; a Compression tag value of 7 in that SubIFD indicates lossless JPEG. Inside the JPEG stream, the SOF3 frame header carries the component count. When that count does not match the SubIFD's SamplesPerPixel field, the inconsistency is the trigger at the heart of the exploit chain.
To detect such files, researchers built a Rust-based tool called ELEGANT BOUNCER, building on prior work by b1n4r1b01, who first described how to reproduce the flaw. The tool parses the TIFF structure, locates SubIFDs that use JPEG Lossless compression, reads the SamplesPerPixel field, and then extracts the actual component count from the JPEG's SOF3 header. If the declared and actual values diverge, it flags a CVE-2025-43300 exploitation attempt. Its architecture comprises an endian-aware TIFF reader, an IFD entry processor that distinguishes inline values from offsets, and a JPEG marker parser that extracts the SOF3 header, which together give reliable detection of crafted images. The check is structural: it flags the inconsistency itself rather than matching a signature of any particular payload.
The risk is not only a matter of how easy the bug is to trigger. DNG is an open format created by Adobe, is widely used in professional photography, and is typically processed automatically by image pipelines without suspicion. Researcher u0pattern_cs further noted that Apple's BlastDoor framework granted RawCamera.bundle permission to map files with executable rights, which could ease an attacker's path from the initial memory corruption to further escalation.
Mitigation starts with updating promptly to the patched versions of iOS, iPadOS and macOS. Users are also advised to layer defences: vet incoming files before processing them, disable automatic previews of images from untrusted sources where the platform allows it, and scan suspicious DNGs with a tool such as ELEGANT BOUNCER. A proof-of-concept file can be produced by altering only a few bytes of a genuine DNG, namely the SamplesPerPixel value and the SOF3 component count, which shows how a seemingly trivial inconsistency can become a critical memory-safety failure.
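To make the detection logic described above concrete (parse the TIFF header and IFDs, find SubIFDs compressed with lossless JPEG, compare SamplesPerPixel against the component count in the SOF3 frame header), here is a small Python re-implementation, together with a constructed minimal DNG that also illustrates the few-byte alteration just mentioned. This is added example code, not ELEGANT BOUNCER's source and not anything from Apple or the researchers named on this page. The sample file is synthetic test data built inline: its image strip is a bare SOF3 header with no scan data, so it is not a working exploit, only an input that exercises the check. Function names and the layout of the sample are this example's own. The scanner also handles big-endian ("MM") files, which the page's description of an endian-aware reader implies but does not show.

```python
from __future__ import annotations
import struct

# TIFF/DNG tag numbers and values used by the check (TIFF 6.0 and DNG specifications).
TAG_COMPRESSION, TAG_STRIP_OFFSETS = 0x0103, 0x0111
TAG_SAMPLES_PER_PIXEL, TAG_STRIP_BYTE_COUNTS, TAG_SUBIFDS = 0x0115, 0x0117, 0x014A
COMPRESSION_LOSSLESS_JPEG = 7          # DNG Compression = 7: lossless JPEG
SOF3, SOS = 0xFFC3, 0xFFDA             # lossless Start Of Frame; Start Of Scan
FIELD = {3: ("H", 2), 4: ("I", 4), 13: ("I", 4)}   # SHORT, LONG, IFD: struct code, byte size


def read_ifd(data: bytes, offset: int, endian: str) -> dict:
    """Parse one IFD into {tag: [values]}, distinguishing inline values from offsets."""
    (count,) = struct.unpack_from(endian + "H", data, offset)
    entries = {}
    for i in range(count):
        tag, typ, n, raw = struct.unpack_from(endian + "HHI4s", data, offset + 2 + 12 * i)
        if typ not in FIELD:
            continue                      # other field types are irrelevant to this check
        code, size = FIELD[typ]
        if size * n <= 4:
            src, start = raw, 0           # value is left-justified inside the 4-byte field
        else:
            src, start = data, struct.unpack(endian + "I", raw)[0]   # field holds an offset
        entries[tag] = list(struct.unpack_from(endian + str(n) + code, src, start))
    return entries


def sof3_components(jpeg: bytes) -> int | None:
    """Walk the JPEG marker segments and return Nf from the SOF3 frame header, else None."""
    if jpeg[:2] != b"\xFF\xD8":
        return None
    pos = 2
    while pos + 4 <= len(jpeg):
        marker, seg_len = struct.unpack_from(">HH", jpeg, pos)
        if marker == SOF3:
            # After the marker: Lf(2) P(1) Y(2) X(2) Nf(1), then 3 bytes per component
            return jpeg[pos + 9] if pos + 9 < len(jpeg) else None
        if marker == SOS:                 # entropy-coded data follows; no frame header seen
            return None
        pos += 2 + seg_len
    return None


def scan_dng(data: bytes) -> list[dict]:
    """One finding per lossless-JPEG SubIFD; 'mismatch' is the CVE-2025-43300 indicator."""
    endian = {b"II": "<", b"MM": ">"}.get(data[:2])
    if endian is None:
        raise ValueError("not a TIFF/DNG file")
    magic, ifd0_off = struct.unpack_from(endian + "HI", data, 2)
    if magic != 42:
        raise ValueError("bad TIFF magic")
    findings = []
    for sub_off in read_ifd(data, ifd0_off, endian).get(TAG_SUBIFDS, []):
        sub = read_ifd(data, sub_off, endian)
        if sub.get(TAG_COMPRESSION, [None])[0] != COMPRESSION_LOSSLESS_JPEG:
            continue
        spp = sub.get(TAG_SAMPLES_PER_PIXEL, [1])[0]            # TIFF default is 1
        start, length = sub[TAG_STRIP_OFFSETS][0], sub[TAG_STRIP_BYTE_COUNTS][0]
        nf = sof3_components(data[start:start + length])         # first strip is representative
        findings.append({"subifd": sub_off, "samples_per_pixel": spp, "sof3_components": nf,
                         "mismatch": nf is not None and nf != spp})
    return findings


def build_sample_dng(samples_per_pixel: int, sof3_nf: int, endian: str = "<") -> bytes:
    """Constructed minimal DNG: header -> IFD0 -> one SubIFD -> a lossless-JPEG strip.
    Synthetic test data, not a camera file: the strip is a bare SOF3 header with no scan."""
    sof3 = struct.pack(">HHBHHB", SOF3, 8 + 3 * sof3_nf, 16, 1, 1, sof3_nf)   # Lf, P, Y, X, Nf
    sof3 += b"".join(struct.pack(">BBB", c + 1, 0x11, 0) for c in range(sof3_nf))
    jpeg = b"\xFF\xD8" + sof3 + b"\xFF\xD9"

    def entry(tag: int, typ: int, value: int) -> bytes:       # one 12-byte IFD entry, count 1
        raw = struct.pack(endian + "H", value).ljust(4, b"\0") if typ == 3 else struct.pack(endian + "I", value)
        return struct.pack(endian + "HHI", tag, typ, 1) + raw

    ifd0_off, sub_off = 8, 8 + 18         # IFD0 = count(2) + 1 entry(12) + next-IFD(4)
    jpeg_off = sub_off + 54               # SubIFD = count(2) + 4 entries(48) + next-IFD(4)
    ifd0 = struct.pack(endian + "H", 1) + entry(TAG_SUBIFDS, 4, sub_off) + struct.pack(endian + "I", 0)
    sub = (struct.pack(endian + "H", 4)
           + entry(TAG_COMPRESSION, 3, COMPRESSION_LOSSLESS_JPEG)
           + entry(TAG_STRIP_OFFSETS, 4, jpeg_off)
           + entry(TAG_SAMPLES_PER_PIXEL, 3, samples_per_pixel)
           + entry(TAG_STRIP_BYTE_COUNTS, 4, len(jpeg))
           + struct.pack(endian + "I", 0))
    header = (b"II" if endian == "<" else b"MM") + struct.pack(endian + "HI", 42, ifd0_off)
    return header + ifd0 + sub + jpeg


BENIGN = build_sample_dng(samples_per_pixel=1, sof3_nf=1)
CRAFTED = build_sample_dng(samples_per_pixel=2, sof3_nf=1)   # metadata says 2 channels, stream has 1

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("crafted", CRAFTED)):
        for f in scan_dng(blob):
            verdict = "CVE-2025-43300 pattern" if f["mismatch"] else "consistent"
            print(f"{name}: SamplesPerPixel={f['samples_per_pixel']} SOF3 Nf={f['sof3_components']} -> {verdict}")
    changed = sum(a != b for a, b in zip(BENIGN, CRAFTED))
    print(f"bytes differing between benign and crafted: {changed}")
```

Run it directly to see the benign sample pass and the crafted sample flagged; the two blobs differ in exactly one byte, the SamplesPerPixel value, which is the "few bytes" point made above. To scan a real file, pass `open(path, "rb").read()` to `scan_dng`. Two limitations worth knowing before using this on untrusted input: it inspects only the first strip and does not handle tiled DNGs (TileOffsets 0x0144 and TileByteCounts 0x0145), and it relies on `struct.error` for out-of-range offsets rather than validating every offset and count against the file length first, which a production scanner of hostile files should do.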
Ultimately, CVE-2025-43300 highlights the risks inherent in complex file formats that merge multiple standards, demonstrating how misplaced trust in metadata can undermine even the most tightly controlled ecosystems. The flaw is also a stark reminder that 0-click exploits remain among the most insidious and formidable tools of cyber espionage.