Name of the Vulnerable Software and Affected Versions
Apple iOS, iPadOS, and macOS versions prior to 18.6.2, 17.7.10, and 15.6.1 (Sequoia), 14.7.8 (Sonoma), and 13.7.8 (Ventura)
Description
Apple addressed a critical zero-day vulnerability (CVE-2025-43300) in the ImageIO framework, which could allow attackers to achieve remote code execution (RCE) simply by processing a maliciously crafted image file. This vulnerability has been actively exploited in targeted attacks, potentially impacting a limited number of individuals. The flaw is an out-of-bounds write issue that can be triggered without any user interaction, making it a zero-click exploit. Reports suggest that attackers have used this vulnerability in sophisticated attacks, potentially targeting high-value individuals and their cryptocurrency wallets. The vulnerability affects various Apple platforms, including iPhones, iPads, and Macs.
Recommendations
Update to iOS 18.6.2, iPadOS 18.6.2 or 17.7.10, and macOS Sequoia 15.6.1, Sonoma 14.7.8, or Ventura 13.7.8 to address this vulnerability.