Apple fixes CVE-2025-43300, a flaw letting hackers hijack devices via malicious images. Users urged to update iPhone, iPad, and Mac now.
Several cybersecurity researchers recently warned that a critical vulnerability (CVE‑2025‑43300) in Apple’s image‑processing framework was being abused by attackers. Apple has now released updates across iPhone, iPad and Mac devices to address the issue.
Security researcher Pablo Sabbatella noted that the flaw involved image file handling in Apple’s systems. Another alert came from a separate security advisor, highlighting the threat posed by the zero‑day. This issue has since received urgent attention.
Security researcher Vladimir S. (known on X as Officer’s Notes) warned that CVE‑2025‑43300 was under active exploitation, noting that simply opening a maliciously crafted image was enough for an attacker to remotely take control of a device.
Apple confirmed that the vulnerability, a memory‑corruption flaw caused by an out‑of‑bounds write in the Image IO framework, had been found internally and fixed using improved boundary checks.
The company released security updates on August 20, 2025. Versions affected and now fixed include:
- iPadOS 17.7.10
- macOS Sequoia 15.6.1
- macOS Ventura 13.7.8
- macOS Sonoma 14.7.8
- iOS 18.6.2 and iPadOS 18.6.2
Affected devices include iPhone XS and newer models, various iPad and iPad Pro generations, and Mac systems running the listed macOS versions.
This flaw has now been added to the US CISA’s (Cybersecurity and Infrastructure Security Agency) Known Exploited Vulnerabilities Catalog, with organizations advised to apply fixes by September 11, 2025.
This is already the seventh zero-day Apple has had to fix this year, following five similar urgently patched flaws, plus a more recent one in the Safari browser. Therefore, if you are an Apple user following these steps to secure your devices:
- Update your device right away via Settings → General → Software Update on iOS/iPadOS, or System Settings → Software Update on macOS.
