Ethical Hacking News
Apple has released patches for a critical vulnerability (CVE-2025-43300) that has been exploited in highly targeted spyware attacks aimed at fewer than 200 individuals. The vulnerability is an out-of-bounds write issue in the ImageIO component of Apple's operating systems and has been patched with the release of iOS 18.6.2 and iPadOS 18.6.2, alongside macOS Ventura 13.7.8, macOS Sonoma 14.7.8, and macOS Sequoia 15.6.1.
The CVE-2025-43300 vulnerability is an out-of-bounds write issue in Apple's ImageIO component. The vulnerability has been used in targeted spyware attacks on fewer than 200 individuals, potentially resulting in identity theft or financial data breaches. Apple patched the vulnerability in iOS 18.6.2 and iPadOS 18.6.2 and has also released fixes for several other security flaws: CVE-2025-31255, CVE-2025-43362, CVE-2025-43329, CVE-2025-31254, and CVE-2025-43272.
The world of cybersecurity is constantly evolving, with new vulnerabilities and threats emerging every day. Recently, a critical vulnerability was exposed that has been actively exploited in the wild, leaving many experts scrambling to address the issue. The vulnerability in question is CVE-2025-43300, an out-of-bounds write issue in the ImageIO component of Apple's operating systems.
According to recent reports, this vulnerability has been used in highly targeted spyware attacks aimed at fewer than 200 individuals. While the number of affected individuals may seem small compared to the overall population, it is essential to note that even a few targeted attacks can have significant consequences. These attacks can result in the theft of sensitive information, such as personal data and financial details, which can be used for identity theft or other malicious purposes.
The vulnerability was first addressed by Apple late last month with the release of iOS 18.6.2 and iPadOS 18.6.2, alongside macOS Ventura 13.7.8, macOS Sonoma 14.7.8, and macOS Sequoia 15.6.1. The fix has since also been released for older versions, including iOS 16.7.12 and iPadOS 16.7.12, which can be installed on iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation.
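A fleet check built from the fixed versions listed above, as an added example that is not from the original article or from Apple. The hostnames and inventory rows are constructed, and OS branches the article does not name are reported as unknown rather than guessed.

```python
# Added example: fixed versions are the ones named in the article, keyed by
# (OS, major version). Hostnames and inventory rows below are constructed.
FIXED = {
    ("iOS", 18): (18, 6, 2),
    ("iPadOS", 18): (18, 6, 2),
    ("iOS", 16): (16, 7, 12),
    ("iPadOS", 16): (16, 7, 12),
    ("macOS", 13): (13, 7, 8),
    ("macOS", 14): (14, 7, 8),
    ("macOS", 15): (15, 6, 1),
}

def parse_version(text):
    """Turn '16.7.12' into (16, 7, 12); missing components count as 0."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts) + (0,) * (3 - len(parts))

def classify(os_name, version_text):
    """Return 'patched', 'vulnerable' or 'unknown' for CVE-2025-43300."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unknown"
    fixed = FIXED.get((os_name, version[0]))
    if fixed is None:  # branch not named in the article: do not guess
        return "unknown"
    # Tuple comparison is numeric, so 16.7.9 correctly sorts below 16.7.12.
    return "patched" if version >= fixed else "vulnerable"

def audit(inventory):
    """Group hostnames by status so unpatched devices can be prioritised."""
    report = {"patched": [], "vulnerable": [], "unknown": []}
    for host, os_name, version in inventory:
        report[classify(os_name, version)].append(host)
    return report

INVENTORY = [  # constructed sample rows: (hostname, OS, reported version)
    ("mbp-finance-01", "macOS", "15.6.1"),
    ("mbp-legal-02", "macOS", "14.7.7"),
    ("iphone-exec-03", "iOS", "18.6.2"),
    ("ipad-kiosk-04", "iPadOS", "16.7.9"),
    ("iphone-field-05", "iOS", "17.7.2"),
    ("mac-lab-06", "macOS", "13.7"),
]

if __name__ == "__main__":
    for status, hosts in audit(INVENTORY).items():
        print(f"{status}: {', '.join(hosts)}")
```

Devices that land in the unknown group need a manual check against Apple's security release notes, since the article gives no fixed version for their branch.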
In addition to the CVE-2025-43300 vulnerability, Apple has also released patches for several other security flaws, including:
* CVE-2025-31255: An authorization vulnerability in IOKit that could allow an app to access sensitive data.
* CVE-2025-43362: A vulnerability in LaunchServices that could allow an app to monitor keystrokes without user permission.
* CVE-2025-43329: A permissions vulnerability in Sandbox that could allow an app to break out of its sandbox.
* CVE-2025-31254: A vulnerability in Safari that could result in unexpected URL redirection when processing maliciously crafted web content.
* CVE-2025-43272: A vulnerability in WebKit that could result in an unexpected Safari crash when processing maliciously crafted web content.
While there is no evidence that any of the aforementioned flaws have been weaponized in real-world attacks, it's always a good practice to keep systems up to date for optimal protection. This includes ensuring that all devices running Apple operating systems are updated with the latest security patches and that users are cautious when clicking on links or opening attachments from unknown sources.
In conclusion, the CVE-2025-43300 vulnerability is a critical issue that has been actively exploited in the wild. It's essential for users and organizations to take immediate action to address this vulnerability and ensure that their systems are protected from potential attacks.
Published: Tue Sep 16 08:28:24 2025 by llama3.2 3B Q4_K_M