PT-2025-34177 · Apple · macOS Sonoma +5

Published: 2025-08-20 · Updated: 2026-04-17 · CVE-2025-43300

CVSS v3.1: 10 (Critical) · AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Apple iOS, iPadOS, and macOS versions 15.6.1, 15.7, 15.8.5, 16.7.12, 17.7.10, and 18.6.2 are affected.
Description: Apple has addressed a zero-day vulnerability (CVE-2025-43300) in the ImageIO framework. This is an out-of-bounds write issue that can be exploited by processing a maliciously crafted image file, potentially leading to remote code execution. The vulnerability has been actively exploited in targeted attacks, with reports suggesting it has been used to compromise devices and steal data, including cryptocurrency wallets. The flaw affects iOS, iPadOS, and macOS. Attackers can exploit this vulnerability without user interaction, simply by sending a malicious image.
Recommendations: Update to the latest versions of iOS, iPadOS, and macOS (15.6.1, 15.7, 15.8.5, 16.7.12, 17.7.10, and 18.6.2) to patch the vulnerability.

Exploit · Fix · DoS · RCE · Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2025-10189
CVE-2025-43300

Affected Products

Apple macOS
iOS
iPadOS
macOS Sequoia
macOS Sonoma
macOS Ventura