Update Now: Apple Patches Critical Zero-Day Vulnerability Found in the Wild
Apple has released critical security updates for iOS, iPadOS, and macOS addressing a newly discovered zero-day vulnerability already being actively exploited in the wild. Tracked as CVE-2025-43300, the flaw affects the ImageIO framework and arises from an out-of-bounds write error when processing specially crafted image files. This defect can lead to memory corruption and the execution of arbitrary code. According to the company, the vulnerability may have been leveraged in highly sophisticated attacks against select individuals.
The issue, uncovered internally by Apple, has been mitigated through the introduction of stricter boundary checks. Fixes have been incorporated into the following system versions:
- iOS 18.6.2 and iPadOS 18.6.2 — for iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch (3rd generation and later), iPad Pro 11-inch (1st generation and later), iPad Air (3rd generation and later), iPad (7th generation and later), and iPad mini (5th generation and later).
- iPadOS 17.7.10 — for iPad Pro 12.9-inch (2nd generation), iPad Pro 10.5-inch, and iPad (6th generation).
- macOS Ventura 13.7.8 — for Mac devices running Ventura.
- macOS Sonoma 14.7.8 — for Mac devices running Sonoma.
- macOS Sequoia 15.6.1 — for Mac devices running Sequoia.
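
A fleet check against the fixed versions listed above, as an added example that is not from the article or from Apple: it compares versions numerically per OS branch (plain string comparison would rank 17.7.9 above 17.7.10) and reports branches the article does not list as `unlisted`. The inventory rows and host names are constructed sample data, and the function names are hypothetical.

```python
# Fixed versions exactly as listed in the article, keyed by (OS, major branch).
PATCHED = {
    ("iOS", 18): (18, 6, 2),
    ("iPadOS", 18): (18, 6, 2),
    ("iPadOS", 17): (17, 7, 10),
    ("macOS", 13): (13, 7, 8),
    ("macOS", 14): (14, 7, 8),
    ("macOS", 15): (15, 6, 1),
}


def parse_version(text):
    """'17.7.10' -> (17, 7, 10); short forms are zero-padded so '15.6' == '15.6.0'."""
    parts = [int(p) for p in text.strip().split(".")]
    if len(parts) > 3:
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))


def status(os_name, version):
    """Return 'patched', 'needs_update', or 'unlisted' (branch not in the article)."""
    v = parse_version(version)
    baseline = PATCHED.get((os_name, v[0]))
    if baseline is None:
        return "unlisted"
    return "patched" if v >= baseline else "needs_update"


def audit(inventory):
    """Map each host to its status; inventory rows are (host, os_name, version)."""
    return {host: status(os_name, version) for host, os_name, version in inventory}


# Constructed sample inventory (hypothetical host names), e.g. from an MDM export.
INVENTORY = [
    ("iphone-01", "iOS", "18.6.2"),
    ("ipad-legacy", "iPadOS", "17.7.9"),
    ("ipad-legacy-2", "iPadOS", "17.7.10"),
    ("mac-build", "macOS", "15.6"),
    ("mac-old", "macOS", "12.7.6"),
]

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(f"{host}: {result}")
```

Hosts reported as `unlisted` run a branch for which the article names no fixed version, so they need a manual decision rather than an automatic pass.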
At present, it remains unclear who is behind the exploitation of CVE-2025-43300 or which targets were chosen. However, the circumstances strongly suggest targeted campaigns involving costly, bespoke tools. Apple itself described the incident as exceptionally complex in terms of execution.