Ethical Hacking News
Apple has patched a zero-day vulnerability in iOS, iPadOS, and macOS that could be exploited through images. The latest update fixes a memory corruption vulnerability that was targeted against specific individuals. Users are advised to apply the patches as soon as possible to minimize their risk of falling prey to such attacks.
Apple has released patches for a zero-day vulnerability (CVE-2025-43300) in its mobile operating systems, including iOS and iPadOS. The vulnerability resides in the ImageIO framework and could result in memory corruption when processing malicious images. The bug was internally discovered by Apple and addressed with improved bounds checking. Patches are available for various devices, including iPhone XS and later, iPad Pro models, and Macs running macOS Ventura and Sonoma. Users are advised to apply the patches as soon as possible to minimize their risk of falling prey to targeted attacks.
Apple has taken swift action to address a security flaw in its mobile operating systems, releasing patches for a zero-day vulnerability that has been exploited in targeted attacks. The vulnerability, tracked as CVE-2025-43300, resides in the ImageIO framework and could result in memory corruption when processing malicious images. This recent development marks the latest addition to Apple's list of patched vulnerabilities since the start of 2025, which includes several zero-days.
In a statement, Apple acknowledged that it is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals. The company stated that the bug was internally discovered and that it was addressed with improved bounds checking. The patches are now available for iOS 18.6.2 and iPadOS 18.6.2, which apply to iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
In addition to iOS and iPadOS, patches have also been released for iPadOS 17.7.10, which applies to the iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation, as well as macOS Ventura 13.7.8 and macOS Sonoma 14.7.8, which apply to Macs running these operating systems. Furthermore, patches have also been released for macOS Sequoia 15.6.1, which applies to Macs running the latest version of the operating system.
It is worth noting that the vulnerability has been identified as a zero-day out-of-bounds write vulnerability. This type of vulnerability can potentially allow attackers to execute malicious code on affected devices, leading to potential exploitation and further attacks. It's currently not known who is behind these attacks or what specific targeted individuals were affected by the attack but it's most likely that this vulnerability was used as part of highly targeted attacks.
The release of patches for CVE-2025-43300 marks another addition to Apple's list of zero-day vulnerabilities that have been patched since 2025. In addition to the recently released patch for the Safari vulnerability, there were also patches released for six other zero-days: CVE-2025-24085, CVE-2025-24200, CVE-2025-24201, CVE-2025-31200, CVE-2025-31201, and CVE-2025-43200.
The exploitation of these vulnerabilities highlights the ongoing threat landscape in the mobile security space. It serves as a reminder that users must remain vigilant and keep their devices up to date with the latest security patches. This includes regularly checking for updates on Apple's website and applying them as soon as they become available.
In conclusion, the release of patches for CVE-2025-43300 underscores the importance of mobile security in today's digital landscape. By keeping your device and software up to date, users can significantly reduce their risk of falling prey to such attacks. Furthermore, the ongoing efforts by Apple to address zero-day vulnerabilities demonstrate its commitment to providing a secure environment for its users.
Apple has patched a zero-day vulnerability in iOS, iPadOS, and macOS that could be exploited through images. The latest update fixes a memory corruption vulnerability that was targeted against specific individuals. Users are advised to apply the patches as soon as possible to minimize their risk of falling prey to such attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Unrelenting-Tide-of-Cyber-Threats-Apple-Patches-Zero-Day-Vulnerability-in-iOS-iPadOS-and-macOS-ehn.shtml
https://thehackernews.com/2025/08/apple-patches-cve-2025-43300-zero-day.html
Published: Thu Aug 21 01:11:42 2025 by llama3.2 3B Q4_K_M
