Apple Addressed Zero-day Vulnerability Impacting iOS, iPadOS, and macOS (CVE-2025-43300)

Posted by Author Diksha Ojha on Posted on

Apple has released updates to address a vulnerability that is being exploited in the wild. Tracked as CVE-2025-43300, the vulnerability impacts macOS Sequoia, macOS Ventura, macOS Sonoma, iOS, and iPadOS.

CVE-2025-43300 is an out-of-bounds write flaw in the ImageIO framework used by Apple. An attacker may exploit the vulnerability by processing a malicious image file that could lead to memory corruption. Apple addressed the vulnerability with improved bounds checking.

Apple mentioned in the advisory that “they are aware of a report that the vulnerability may have been exploited in an extremely sophisticated attack against specific targeted individuals.”

CISA acknowledged the vulnerability’s active exploitation by adding it to its Known Exploited Vulnerabilities Catalog and urging users to patch it before September 11, 2025.

This is the seventh zero-day vulnerability patched by Apple since the start of the year:

Affected Products and Versions

  • iPhone XS and later
  • iPad 7th generation and later
  • iPad Air 3rd generation and later
  • iPad mini 5th generation and later
  • macOS Sequoia versions before 15.6.1
  • macOS Ventura versions before 13.7.8
  • macOS Sonoma versions before 14.7.8
  • iPad Pro 11-inch 1st generation and later
  • iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later
  • iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation

Mitigation

Apple released the following versions to patch the vulnerabilities:

  • iPadOS 17.7.10
  • macOS Sequoia 15.6.1
  • macOS Ventura 13.7.8
  • macOS Sonoma 14.7.8
  • iOS 18.6.2 and iPadOS 18.6.2

For more information, please visit the Apple security advisories for macOS Sequoia, macOS Ventura, macOS Sonoma, iOS, and iPadOS.

Qualys Detection

Qualys customers can scan their devices with QIDs 610727, 610726, 384609, 384608, and 384607 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://support.apple.com/en-us/124925
https://support.apple.com/en-us/124926
https://support.apple.com/en-us/124929
https://support.apple.com/en-us/124927
https://support.apple.com/en-us/124928

Leave a Reply

Your email address will not be published. Required fields are marked *