PT-2025-34177 · Apple · iPadOS +5

Published 2025-08-20 · Updated 2026-03-12 · CVE-2025-43300

CVSS v3.1: 10
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Apple iOS, iPadOS, and macOS versions prior to 18.6.2, 17.7.10, and macOS Sequoia 15.6.1, Sonoma 14.7.8, and Ventura 13.7.8.

Description

Apple addressed a critical zero-day vulnerability (CVE-2025-43300) in the ImageIO framework. This is an out-of-bounds write issue that allows remote code execution (RCE) via a crafted image file and requires no user interaction (zero-click exploit). The vulnerability has been actively exploited in targeted attacks, potentially leading to device hijacking and data theft, including cryptocurrency wallets. The flaw affects iOS, iPadOS, and macOS. Reports indicate the vulnerability was used in sophisticated attacks.

Recommendations

Update all affected Apple devices to the latest versions: iOS 18.6.2, iPadOS 18.6.2 or 17.7.10, macOS Sequoia 15.6.1, Sonoma 14.7.8, and Ventura 13.7.8.

Exploit · Fix · DoS · RCE · Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2025-10189
CVE-2025-43300

Affected Products

Apple macOS
iOS
iPadOS
macOS Sequoia
macOS Sonoma
macOS Ventura