PT-2025-34177 · Apple · macOS Sequoia +5

Published: 2025-08-20 · Updated: 2025-12-01 · CVE-2025-43300

CVSS v3.1: 10
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Apple iOS, iPadOS, macOS versions prior to 18.6.2, 17.7.10, and 15.8.5

Description: Apple addressed a critical zero-day vulnerability (CVE-2025-43300) in the ImageIO framework: an out-of-bounds write that could lead to remote code execution (RCE) with no user interaction required. Processing a maliciously crafted image file allows an attacker to execute arbitrary code. The flaw was actively exploited in the wild, reportedly in targeted attacks potentially impacting high-value individuals and cryptocurrency users, and Apple released emergency updates to address it. The vulnerability affects iOS, iPadOS, and macOS.

Recommendations: Update all affected devices to the latest versions: iOS 18.6.2, iPadOS 18.6.2 or 17.7.10, and macOS Sequoia 15.6.1, Sonoma 14.7.8, or Ventura 13.7.8.

Exploit · Fix · DoS · RCE · Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2025-10189
CVE-2025-43300

Affected Products

Apple macOS
iOS
iPadOS
macOS Sequoia
macOS Sonoma
macOS Ventura