Name of the Vulnerable Software and Affected Versions
Apple iOS, iPadOS, macOS, and tvOS versions prior to 18.6.2, 17.7.10, 15.8.5, 14.7.8, 13.7.8, and Sequoia 15.6.1.
Description
Apple is addressing a critical zero-day vulnerability (CVE-2025-43300) in the ImageIO framework. This flaw is an out-of-bounds write issue that allows attackers to achieve remote code execution (RCE) simply by processing a maliciously crafted image file, requiring no user interaction (zero-click exploit). The vulnerability has been actively exploited in targeted attacks, potentially leading to device compromise and data theft, including cryptocurrency wallets. The flaw impacts a wide range of Apple devices, including iPhones, iPads, and Macs. Reports indicate that this vulnerability was exploited in sophisticated attacks targeting specific individuals.
Recommendations
Update all affected Apple devices to the latest available versions: iOS 18.6.2, iPadOS 18.6.2 or 17.7.10, macOS Sequoia 15.6.1, Sonoma 14.7.8, Ventura 13.7.8, and tvOS 15.8.5.