Apple has released security updates to address security flaws affecting iOS, iPados and MacOS, saying it is undergoing active exploitation in the wild.
The zero-day outbound write vulnerability tracked as CVE-2025-43300 lies in the Imageio framework that can result in memory corruption when processing malicious images.
“Apple is aware of reports that this issue may have been exploited in a highly sophisticated attack on a particular targeted individual,” the company said in its recommendation.
The iPhone maker said the bug was discovered internally and the boundary checking was improved and addressed. The following versions address security flaws –
- iOS 18.6.2 and iPads 18.6.2 – iPhone XS and then iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd Generation and later, iPad 7th generation and later, iPad Mini 5th Generation and later
- iPados 17.7.10 – iPad Pro 12.9 inch 2nd generation, iPad Pro 10.5 inch, iPad 6th generation
- Macos Ventura 13.7.8 – MAC running ventura
- Sonoma Machus 14.7.8 – Mac running MacOS Sonoma
- MacOS Secoia 15.6.1 – Mac running MacOS Sequoia
It is currently unknown who was behind the attack and who was targeted, but the vulnerability could be weaponized as part of a highly targeted attack.
With the latest update, Apple has fixed a total of seven zero-days so far: CVE-2025-24085, CVE-2025-24200, CVE-2025-24201, CVE-2025-31200, CVE-2025-31201 and CVE-2025-43200, CVE-2025-24085, CVE-2025-24201, CVE-2025-24085, CVE-2025-24201, CVE-2025-24201, CVE-2025-24201, and CVE-2025-43200.
Last month, the company issued a patch for a vulnerability in Safari that exists in an open source component (CVE-2025-6558) that Google reportedly exploited as zero-day in a Chrome web browser.
