CVE-2025-43300 Zero-Day Vulnerability
Apple has rolled out critical security updates to fix a high-risk zero-day vulnerability tracked as CVE-2025-43300. The flaw, found in the ImageIO framework, has been confirmed as actively exploited in the wild, posing a serious threat to iOS, iPadOS, and macOS users.
Table of Contents
How the Vulnerability Works
CVE-2025-43300 is classified as an out-of-bounds write vulnerability. The issue arises when ImageIO processes a maliciously crafted image, leading to memory corruption. This type of flaw allows attackers to manipulate system memory in unsafe ways, potentially granting them remote code execution capabilities or access to sensitive data.
Apple has acknowledged that the vulnerability was part of “extremely sophisticated” attacks against targeted individuals, highlighting its use in advanced exploitation campaigns.
Who Is at Risk?
The bug affects a wide range of Apple devices, including modern iPhones, iPads, and Macs. While Apple has not disclosed who the attackers are or the identities of their targets, the exploitation indicates that well-resourced threat actors, possibly state-sponsored groups, are behind the campaign.
Patched Versions Available
Apple fixed CVE-2025-43300 through improved bounds checking and released updates across supported systems. Users are strongly advised to upgrade to the following versions:
- iOS 18.6.2 and iPadOS 18.6.2 – iPhone XS and later, iPad Pro (13-inch, 12.9-inch 3rd gen+, 11-inch 1st gen+), iPad Air 3rd gen+, iPad 7th gen+, iPad mini 5th gen+.
- iPadOS 17.7.10 – iPad Pro 12.9-inch 2nd gen, iPad Pro 10.5-inch, iPad 6th gen.
- macOS Ventura 13.7.8 – devices running Ventura.
- macOS Sonoma 14.7.8 – devices running Sonoma.
- macOS Sequoia 15.6.1 – devices running Sequoia.
A Growing List of Exploited Zero-Days
CVE-2025-43300 is not an isolated incident. Since the beginning of the year, Apple has patched seven exploited zero-days:
- CVE-2025-24085
- CVE-2025-24200
- CVE-2025-24201
- CVE-2025-31200
- CVE-2025-31201
- CVE-2025-43200
- CVE-2025-43300
Additionally, Apple recently fixed a Safari flaw (CVE-2025-6558) linked to an open-source component, which had already been abused as a zero-day in Google Chrome.
Why These Vulnerabilities Matter
Zero-day exploits are among the most dangerous threats in cybersecurity because attackers leverage them before patches are publicly available. When flaws like CVE-2025-43300 are tied to targeted espionage campaigns, they pose risks not just to individuals but to enterprises, governments, and critical infrastructure.
Staying Protected
Users should:
- Update immediately to the latest patched version.
- Avoid opening unsolicited image files or content from unknown sources.
- Enable automatic updates to reduce exposure windows to zero-day threats.
By addressing CVE-2025-43300 promptly, Apple helps reduce the attack surface, but the exploit’s existence is a reminder that persistent and sophisticated adversaries are constantly seeking new entry points.
