Apple has released urgent security updates for iOS, iPadOS, and macOS to patch a zero-day vulnerability, tracked as CVE-2025-43300, that has been actively exploited in the wild. The flaw, which affects the Image I/O framework, could allow attackers to execute arbitrary code on a victim’s device simply by processing a malicious image file.
The vulnerability is an out-of-bounds write issue, meaning a specially crafted image could cause memory corruption, leading to a system crash or, more critically, enabling remote code execution. According to Apple’s security advisory, the company is “aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.” While Apple has not provided further details on the nature of the attacks or the identity of the perpetrators, the language suggests the exploitation is linked to highly-resourced threat actors, such as those associated with commercial spyware vendors.
This is the seventh zero-day vulnerability Apple has patched this year, highlighting the persistent threat of sophisticated attacks targeting its platforms. The Image I/O framework, which is responsible for handling most image formats across Apple’s ecosystem, makes the vulnerability a significant concern due to its widespread use. A malicious image could be delivered via email, messaging apps, or websites, making the exploit vector highly accessible and requiring little to no user interaction beyond simply viewing or previewing the image.
The patches are available in the following updates: iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8. . The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-43300 to its Known Exploited Vulnerabilities Catalog, mandating that federal agencies patch their systems by September 11, 2025. This underscores the critical nature of the vulnerability and the need for all users to update their devices immediately.
Users are strongly advised to install these security updates without delay to protect themselves from potential compromise. To update your device, go to Settings > General > Software Update on your iPhone or iPad, or System Settings > General > Software Update on your Mac.
