Apple yesterday released emergency security updates for iOS and iPadOS to patch a critical zero-day vulnerability in its core Image I/O framework. The flaw, tracked as CVE-2025-43300, is confirmed to be under active exploitation in highly targeted attacks.
The urgent patches, released as iOS 18.6.2 and iPadOS 18.6.2, address a memory corruption vulnerability that could be triggered by processing a specially crafted image file.
According to Apple’s security advisory, the company is “aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”
At the heart of the issue is an out-of-bounds write within the ImageIO framework, a component fundamental to how Apple’s operating systems handle and render various image formats.
By sending a malicious image, an attacker could write data outside of the intended memory buffer. This type of memory corruption flaw is a classic vector for achieving arbitrary code execution, potentially allowing an attacker to take full control of an affected device.
The targeted nature of the exploit suggests the involvement of sophisticated threat actors, such as state-sponsored groups developing spyware.
This attack pattern is similar to past zero-click exploits used to deploy surveillance tools like Pegasus, where victims are compromised simply by receiving a file via a messaging app, with no user interaction required.
In response to this threat, Apple has made security patches available for a wide range of devices:
- iPhone XS and later
- iPad Pro (13-inch, 12.9-inch 3rd gen and later, 11-inch 1st gen and later)
- iPad Air 3rd generation and later
- iPad 7th generation and later
- iPad mini 5th generation and later
The fix addresses the vulnerability by implementing improved bounds checking, preventing the out-of-bounds write from occurring. Apple has credited itself with the discovery of the vulnerability, which is common practice when a flaw is identified internally or through the analysis of an ongoing attack.
The active exploitation of CVE-2025-43300 elevates it from a theoretical risk to a clear and present danger for users of unpatched devices.
Security researchers and Apple alike strongly advise all users to install the updates immediately through the Software Update function in their device’s Settings to protect themselves from these targeted attacks.
Safely detonate suspicious files to uncover threats, enrich your investigations, and cut incident response time. Start with an ANYRUN sandbox trial →
Source link
