Apple Patches Zero-Day Exploited in Targeted Attacks (CVE-2025-43300)


On August 20, 2025, Apple released emergency security updates to fix a zero-day vulnerability (CVE-2025-43300) actively exploited in the wild. The flaw resides in Image I/O, a core framework responsible for handling various image file formats across Apple’s ecosystem. Apple confirmed that the vulnerability was exploited in highly targeted, extremely sophisticated attacks against specific individuals, likely pointing to an espionage or surveillance-related campaign.

Severity Level: High

Vulnerability Details

  • CVE ID: CVE-2025-43300
  • Type: Out-of-Bounds Write (Memory Corruption)
  • Component: Image I/O Framework
  • Cause: Improper bounds checking when Image I/O processes certain image file formats.
  • Impact: Processing a maliciously crafted image file may result in memory corruption and potentially lead to remote code execution (RCE).

Exploitation Of The Vulnerability

  • Attackers deliver malicious image files via targeted channels (email attachments, messaging apps, or web content).
  • Once the victim’s device processes the image, an out-of-bounds memory write occurs, allowing arbitrary code execution.
  • Apple classified exploitation as “extremely sophisticated,” suggesting custom exploits, stealth delivery, and likely nation-state-level capabilities.
  • The attacks appear to be limited to high-value individuals rather than widespread campaigns.

Affected Products

  • iPhone: iPhone XS and later
  • iPad: iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
  • Mac: Macs running macOS Sequoia, Sonoma, and Ventura

Recommendations

  1. Deploy iOS 18.6.2 and iPadOS 18.6.2 on all affected iPhones and iPads without delay.
  2. Ensure Macs are updated to macOS Sequoia 15.6.1, Sonoma 14.7.8, or Ventura 13.7.8.
  3. Educate users to avoid opening unsolicited or suspicious image attachments (email, messaging apps, social media).
  4. Monitor for indicators of targeted exploitation, such as:
    • Unexplained crashes in Photos, Messages, or other image-handling apps
    • Unusual outbound traffic following receipt of images
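
One way to apply recommendations 1 and 2 to a device inventory, as an added example that is not part of the original advisory. The fixed versions come from the list above; the inventory layout, host names and status labels (`patched`, `update`, `review`) are assumptions made for illustration.

```python
# Added example: triage an inventory against the fixed versions named in this advisory.
# Keys are (OS name, major version); values are the first fixed release on that branch.
FIXED = {
    ("iOS", 18): (18, 6, 2),
    ("iPadOS", 18): (18, 6, 2),
    ("macOS", 15): (15, 6, 1),  # Sequoia
    ("macOS", 14): (14, 7, 8),  # Sonoma
    ("macOS", 13): (13, 7, 8),  # Ventura
}

def parse_version(text):
    """Turn '18.6' into (18, 6, 0). Raises ValueError on malformed input."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def triage(os_name, version):
    """Return 'patched', 'update', or 'review' for one device.

    'review' means the advisory lists no fixed release for that OS branch
    (or the version string could not be parsed), so a human must decide.
    """
    try:
        parsed = parse_version(version)
    except ValueError:
        return "review"
    fixed = FIXED.get((os_name, parsed[0]))
    if fixed is None:
        return "review"
    # Tuple comparison is numeric, so 18.10 correctly sorts above 18.6.2.
    return "patched" if parsed >= fixed else "update"

# Constructed sample inventory: (host, OS name, reported OS version).
INVENTORY = [
    ("exec-iphone-01", "iOS", "18.6.1"),
    ("exec-ipad-02", "iPadOS", "18.6.2"),
    ("design-mac-03", "macOS", "15.6"),
    ("build-mac-04", "macOS", "14.7.8"),
    ("lab-mac-05", "macOS", "12.7.6"),
]

def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(os_name, ver) for host, os_name, ver in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:16} {status}")
```

Devices that come back as `review` sit on a branch this advisory gives no fixed version for; check them against Apple's security release notes rather than assuming either state.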

Sources:

  • https://www.bleepingcomputer.com/news/apple/apple-emergency-updates-fix-new-actively-exploited-zero-day/
  • https://support.apple.com/en-us/124925
  • https://support.apple.com/en-us/124927
  • https://support.apple.com/en-us/124928
  • https://support.apple.com/en-us/124929


Ampcus Cyber