Ethical Hacking News
Apple has issued an emergency update to address a newly discovered zero-day vulnerability in its Image I/O framework, which was exploited in "extremely sophisticated attacks" against specific targeted individuals. The vulnerability affects multiple Apple devices and operating systems, highlighting the need for robust security measures to protect users' devices and data.
Apple has issued an emergency update to address a newly discovered zero-day vulnerability in its Image I/O framework.The vulnerability, CVE-2025-43300, allows attackers to supply malicious input to applications that rely on the Image I/O framework, leading to memory corruption and potentially remote code execution.The patch affects Apple devices from iPhone XS onwards, including iPads and Macs running various versions of operating systems.Users are urged to install the available security updates promptly to prevent potential ongoing attacks.This marks the sixth zero-day flaw discovered by Apple since the start of the year.
Apple has issued an emergency update to address a newly discovered zero-day vulnerability in its Image I/O framework, which was exploited in "extremely sophisticated attacks" against specific targeted individuals. The vulnerability, tracked as CVE-2025-43300, is caused by an out-of-bounds write weakness that allows attackers to supply malicious input to applications that rely on the Image I/O framework, leading to memory corruption and potentially even remote code execution.
The discovery of this zero-day flaw was made possible by Apple's security researchers, who identified the issue and worked with the company to develop a patch. However, despite their efforts, the exact details of the vulnerability and the attacks that exploited it remain unknown. The only information available is that the attacks were "extremely sophisticated" and targeted specific individuals, suggesting that the attackers had access to advanced tools and resources.
The Image I/O framework is used by many applications on Apple devices, including iOS, iPadOS, macOS, and more. As a result, the patch released by Apple affects a wide range of products, including iPhone models from the XS onwards, as well as several different iPads and Macs running various versions of the operating systems.
The full list of affected devices includes:
* iPhone XS and later
* iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
* iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
* Macs running macOS Sequoia, Sonoma, and Ventura
In a statement, Apple explained that an out-of-bounds write issue was addressed with improved bounds checking to prevent exploitation in iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8.
While the exact details of the attacks that exploited this vulnerability remain unknown, it is clear that they were highly targeted and sophisticated. The fact that multiple zero-day vulnerabilities have been exploited in the wild since the start of the year suggests that attackers are becoming increasingly skilled and brazen.
In response to this latest incident, Apple has urged users to install the available security updates promptly to prevent any potential ongoing attacks. Given the severity of the vulnerability and the sophisticated nature of the attacks, it is essential for users to take immediate action to protect themselves.
It is worth noting that this marks the sixth zero-day flaw discovered by Apple since the start of the year, highlighting a clear pattern of exploitation by attackers. In 2024, Apple patched six other actively exploited zero-days: one in January, two in March, a fourth in May, and two others in November.
The increasing number of zero-day vulnerabilities being exploited highlights the need for robust security measures to protect users' devices and data. As attackers continue to evolve and improve their tactics, it is essential that manufacturers like Apple remain vigilant and proactive in addressing these issues.
In light of this latest incident, it is more important than ever for users to prioritize security and take steps to protect themselves. This includes keeping software up to date, using strong passwords, and being cautious when interacting with suspicious emails or attachments.
As the threat landscape continues to evolve, one thing is clear: zero-day vulnerabilities like CVE-2025-43300 will remain a critical concern for users and manufacturers alike.
Related Information:
https://www.ethicalhackingnews.com/articles/A-Critical-Zero-Day-Vulnerability-in-Apples-Image-IO-Framework-Exploited-in-Targeted-Attacks-ehn.shtml
https://www.bleepingcomputer.com/news/apple/apple-emergency-updates-fix-new-actively-exploited-zero-day/
https://nvd.nist.gov/vuln/detail/CVE-2025-43300
https://www.cvedetails.com/cve/CVE-2025-43300/
Published: Wed Aug 20 13:59:13 2025 by llama3.2 3B Q4_K_M
