In August 2025, Apple addressed a zero-day vulnerability, CVE-2025-43300, that was being actively exploited in its iOS, iPadOS, and macOS operating systems. This flaw is an out-of-bounds write issue located within the ImageIO framework, which is responsible for handling image files. Attackers could leverage this vulnerability to trigger memory corruption simply by having a user process a specially crafted, malicious image. The company noted in its advisory that it was aware of reports suggesting the flaw had been used in a “highly sophisticated attack” targeting specific individuals.
To fix the vulnerability, Apple implemented improved bounds checking. This ensures that the system properly handles the data and prevents the memory corruption that could be exploited by an attacker. The company released a series of updates to fix the issue on its latest operating systems, including iOS 18.6.2 and iPadOS 18.6.2, macOS Ventura 13.7.8, macOS Sonoma 14.7.8, and macOS Sequoia 15.6.1. These updates covered a wide range of devices, from the iPhone XS and newer models to various generations of iPads and Macs.
Apple did not provide specific technical details about the attacks that exploited this vulnerability. This is a common practice for the company, as it helps prevent further exploitation and gives users time to install the patches. The lack of detailed information also makes it more difficult for other malicious actors to replicate the attacks. The company’s immediate focus is on ensuring the security of its users by providing timely updates.
The vulnerability’s severity was underscored by a recent confirmation from WhatsApp, which revealed that attackers had chained CVE-2025-43300 with another flaw, CVE-2025-55177, in a spyware campaign. This sophisticated attack targeted fewer than 200 individuals. To combat this, Apple released security patches for its older, but still supported, devices.
This commitment to protecting all supported devices is evident in the backported updates. Apple released updates for older operating systems like iOS 16.7.12 and iOS 15.8.5. These updates fixed the flaw on a wide range of devices, including the iPhone 8, iPhone X, iPhone 6s, and various older iPads. By backporting the patches, Apple ensures that even users with older hardware receive the necessary security protection, highlighting their commitment to user safety across their entire product line.
Reference:
