Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks

What’s new: Apple has released security updates to address a zero-day vulnerability, tracked as CVE-2025-43300, affecting iOS, iPadOS, and macOS. This out-of-bounds write vulnerability in the ImageIO framework has been exploited in targeted attacks, potentially leading to memory corruption when processing malicious images. The issue has been fixed with improved bounds checking.

Who’s affected

The vulnerability impacts the following versions:

  • iOS 18.6.2 and iPadOS 18.6.2 for iPhone XS and later, and various iPad models.
  • iPadOS 17.7.10 for iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation.
  • macOS Ventura 13.7.8, macOS Sonoma 14.7.8, and macOS Sequoia 15.6.1.

What to do

  • Update affected devices to the latest versions as soon as possible to mitigate the risk of exploitation.
