Apple fixes zero-day vulnerability exploited in “extremely sophisticated attack” (CVE-2025-43300)

Apple has fixed yet another vulnerability (CVE-2025-43300) that has apparently been exploited as a zero-day “in an extremely sophisticated attack against specific targeted individuals.”

About CVE-2025-43300

CVE-2025-43300 is an out-of-bounds write issue that could be triggered by a vulnerable device processing a malicious image file, leading to exploitable memory corruption.

The vulnerability affects the Image I/O framework used by Apple’s iOS and macOS operating systems.

Apple has fixed this flaw with improved bounds checking in:

• iOS 18.6.2 and iPadOS 18.6.2
• iPadOS 17.7.10
• macOS Sequoia 15.6.1
• macOS Sonoma 14.7.8
• macOS Ventura 13.7.8

With Apple claiming the discovery of the vulnerability, it’s unlikely that we will soon find out who is/was leveraging it and for what.

But even though these attacks were apparently limited to targeting specific individuals – which likely means that the goal was to delivery spyware – all users would do well to upgrade their iDevices as soon as possible.

Subscribe to our breaking news e-mail alert to never miss out on the latest breaches, vulnerabilities and cybersecurity threats. Subscribe here!