PT-2025-34177 · Apple · iPadOS +5
Published 2025-08-20 · Updated 2025-08-26 · CVE-2025-43300
Severity: 10 (High)
Base vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
**Name of the Vulnerable Software and Affected Versions:**
Apple iOS, iPadOS, and macOS versions prior to 18.6.2, 17.7.10, Sonoma 14.7.8, Ventura 13.7.8, and Sequoia 15.6.1.
**Description:**
This vulnerability (CVE-2025-43300) is an out-of-bounds write issue within the ImageIO framework, a core component responsible for processing image files across Apple platforms. Processing a maliciously crafted image file can lead to memory corruption, potentially allowing an attacker to execute arbitrary code. Reports indicate this vulnerability has been actively exploited in targeted attacks, with some reports suggesting high-value individuals, including those in finance and with cryptocurrency holdings, have been specifically targeted. The vulnerability is considered “zero-click”, meaning it can be triggered without any user interaction, for example when a device simply receives or previews a malicious image. The vulnerability allows for remote code execution and potential data theft.
**Recommendations:**
Update all affected Apple devices to the latest available versions: iOS 18.6.2, iPadOS 18.6.2 or 17.7.10, macOS Sonoma 14.7.8, Ventura 13.7.8, and Sequoia 15.6.1.
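A fleet-inventory check against the fixed releases listed above, as an added example (not code from this advisory or from Apple). The platform labels, status strings and inventory rows are constructed, and treating a major release newer than every listed branch as patched is an assumption.

```python
# Fixed releases from the Recommendations above, keyed by (platform, major).
FIXED = {
    ("ios", 18): (18, 6, 2),
    ("ipados", 18): (18, 6, 2),
    ("ipados", 17): (17, 7, 10),
    ("macos", 15): (15, 6, 1),  # Sequoia
    ("macos", 14): (14, 7, 8),  # Sonoma
    ("macos", 13): (13, 7, 8),  # Ventura
}

def parse_version(text):
    """Turn '17.7.9' into (17, 7, 9); pad short forms such as '15.6'."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def assess(platform, version):
    """Classify one device against the fixed releases for CVE-2025-43300."""
    name = platform.strip().lower()
    ver = parse_version(version)
    listed_majors = [major for plat, major in FIXED if plat == name]
    if not listed_majors:
        return "unknown-platform"
    fixed = FIXED.get((name, ver[0]))
    if fixed is not None:
        # Tuples compare numerically, so 17.7.9 < 17.7.10 (string compare fails here).
        return "patched" if ver >= fixed else "vulnerable"
    if ver[0] > max(listed_majors):
        # Assumption: a major newer than every listed branch carries the fix.
        return "patched"
    # Older branch with no fixed release on this page (e.g. iOS 17).
    return "no-listed-fix"

# Constructed inventory rows (hostname, platform, OS version); not real devices.
SAMPLE_INVENTORY = [
    ("ipad-lab-01", "iPadOS", "17.7.9"),
    ("ipad-lab-02", "iPadOS", "17.7.10"),
    ("iphone-exec-07", "iOS", "18.6.1"),
    ("iphone-old-03", "iOS", "17.7.2"),
    ("mbp-fin-12", "macOS", "15.6"),
]

def audit(inventory):
    """Return {hostname: status} for every inventory row."""
    return {host: assess(plat, ver) for host, plat, ver in inventory}

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```

Devices reported as `no-listed-fix` sit on a branch for which this page names no fixed release, so they need a move to a listed branch rather than a point update.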
Tags: Exploit · Fix · RCE · Memory Corruption
References · 402
- https://github.com/b1n4r1b01/n-days/blob/main/CVE-2025-43300.md · Exploit
- https://support.apple.com/en-us/124927 · Security Note, Vendor Advisory
- https://support.apple.com/en-us/124928 · Security Note, Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-43300 · Security Note
- https://support.apple.com/en-us/124929 · Security Note, Vendor Advisory
- https://support.apple.com/en-us/124925 · Security Note, Vendor Advisory
- https://support.apple.com/en-us/124926 · Security Note, Vendor Advisory
- https://bdu.fstec.ru/vul/2025-10189 · Security Note
- https://twitter.com/ApplSec/status/1958227772050133371 · Twitter Post
- https://twitter.com/BreachNet/status/1959151870716387553 · Twitter Post
- https://twitter.com/NewsNucleus/status/1958361971734299106 · Twitter Post
- https://twitter.com/grok/status/1959268187536777489 · Twitter Post
- https://twitter.com/AmericaGrooves/status/1959878082367521003 · Twitter Post
- https://twitter.com/tenmostsecure/status/1959500186729799856 · Twitter Post
- https://twitter.com/Tigr_B/status/1959239677421953402 · Twitter Post