Apple addresses critical zero-day vulnerability exploited in targeted attacks

Apple Issues Emergency Update Addressing Critical Zero-Day Vulnerability

Apple has released emergency updates to combat a recently discovered zero-day vulnerability, leveraged in an “extremely sophisticated attack” against specific targets, reports 24brussels.

The vulnerability, identified as CVE-2025-43300, arises from an out-of-bounds write weakness within the Image I/O framework, a critical component allowing applications to handle various image file formats. This flaw poses significant risks as attackers can exploit it to write outside allocated memory buffers, potentially resulting in program crashes, data corruption, or even remote code execution.

Apple acknowledged the severity of the situation, stating, “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,” in security advisories released on Wednesday. The company emphasized that the flaw has been addressed with enhanced bounds checking. “Processing a malicious image file may result in memory corruption,” Apple added.

The patch is included in iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8.
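For teams tracking exposure, the following added example (not Apple tooling and not part of the original report) checks a device inventory against the fixed versions listed above. The host names, the inventory rows and the function names are constructed for illustration, and the check assumes later builds in the same release train also carry the fix.

```python
# Fixed builds per (platform, major version), taken from the article's list.
FIXED = {
    ("iOS", 18): (18, 6, 2),
    ("iPadOS", 18): (18, 6, 2),
    ("iPadOS", 17): (17, 7, 10),
    ("macOS", 15): (15, 6, 1),
    ("macOS", 14): (14, 7, 8),
    ("macOS", 13): (13, 7, 8),
}

def parse_version(text):
    """'17.7.10' -> (17, 7, 10); short forms are padded, so '15.6' -> (15, 6, 0)."""
    parts = [int(p) for p in text.strip().split(".")]  # ValueError on junk
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def classify(platform, version):
    """Return 'patched', 'vulnerable', or 'unlisted' for one device."""
    v = parse_version(version)
    fixed = FIXED.get((platform, v[0]))
    if fixed is None:
        # The article names no fixed build for this release train.
        return "unlisted"
    # Tuple comparison is numeric: (17, 7, 9) < (17, 7, 10), whereas the
    # string comparison "17.7.9" < "17.7.10" would be False.
    return "patched" if v >= fixed else "vulnerable"

def audit(inventory):
    """Map each host to its status; unparseable versions are flagged, not dropped."""
    results = {}
    for host, platform, version in inventory:
        try:
            results[host] = classify(platform, version)
        except ValueError:
            results[host] = "unparseable"
    return results

# Constructed sample inventory: (host, platform, reported OS version).
SAMPLE_INVENTORY = [
    ("mac-build-01", "macOS", "15.6"),
    ("ipad-kiosk-07", "iPadOS", "17.7.9"),
    ("iphone-exec-03", "iOS", "18.6.2"),
    ("mac-lab-12", "macOS", "12.7.6"),
    ("ipad-field-02", "iPadOS", "18.6.x"),
]

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as "unlisted" or "unparseable" need a manual check against Apple's security advisories, since the article gives no fixed build for them.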

Devices affected by this zero-day vulnerability encompass a wide range of models, from the iPhone XS and newer to several iPad generations, including the iPad Pro, iPad Air, and iPad mini series, as well as Macs running the aforementioned operating systems.

Details regarding the discovery of the flaw remain undisclosed, and Apple has not yet provided further information on the nature of the attacks labeled as “extremely sophisticated.”

While the vulnerability appears to primarily impact highly targeted individuals, users are strongly advised to install today’s security updates promptly to safeguard their devices against potential ongoing threats.

This release marks the sixth actively exploited zero-day vulnerability addressed by Apple this year, following previous patches issued in January, February, March, and two in April, each addressing different security flaws.

In total, Apple has rectified twelve zero-days exploited in the wild throughout 2024 and 2025, with significant vulnerabilities also reported in earlier months of both years. Users are urged to maintain up-to-date software to ensure optimal safety.
