Apple Fixes New Zero-Day Vulnerability Exploited in Attacks

Apple just released emergency updates to patch a new zero-day vulnerability that was already being actively exploited in what the company describes as an “extremely sophisticated attack.”

The flaw, identified as CVE-2025-43300, was found in the Image I/O component, which Apple uses to handle images across its devices. According to security researchers, the issue stems from an out-of-bounds write error—a critical bug that could allow attackers to execute malicious code simply by manipulating images crafted to exploit that weakness.

Apple Fixes Zero-Day Vulnerability in Image I/O

Apple has released a new security patch after discovering that a dangerous vulnerability was being actively exploited in highly sophisticated attacks targeting specific individuals.

The flaw involves an error known as an out-of-bounds write. What does that mean in plain language? Essentially, it occurs when an application writes data where it shouldn't within a device's memory. This can lead to anything from minor glitches or data loss to something far more serious: enabling attackers to remotely execute malicious code without the user’s knowledge.

According to Apple, “processing a maliciously crafted image file may lead to memory corruption.” This is because the vulnerability affects Image I/O, the component responsible for processing images on iOS, macOS, and iPadOS. In simple terms: opening an apparently harmless image could be enough to compromise your device.

“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific individuals,” the company stated in its security advisories published on Wednesday.

What Did Apple Do to Fix It?

Apple has improved the boundary checking mechanisms in the code, which prevents data from being written outside the safe area of memory. This fix is now available in the following operating system versions:

1. iOS 18.6.2

2. iPadOS 18.6.2 and 17.7.10

3. macOS Sequoia 15.6.1

4. macOS Sonoma 14.7.8

5. macOS Ventura 13.7.8

If you have any of these devices, make sure to install the update as soon as possible to keep your system protected against potential attacks.

Read more: Microsoft Patch Tuesday August 2025: 107 Vulnerabilities Fixed

Which Apple Devices Are Affected by This Zero-Day Vulnerability?

This time, the list of devices affected by the new zero-day vulnerability is quite extensive. The security flaw impacts both older and newer models, meaning millions of users could be at risk if they don't update their devices promptly.

Read more: What is patch management?

Apple Has Already Patched Six Zero-Day Vulnerabilities in 2025

With this latest vulnerability (CVE-2025-43300), Apple has now fixed six zero-day flaws so far this year—a clear sign that advanced attacks continue to grow in both frequency and intensity. Here's a quick summary:

1. January: CVE-2025-24085

2. February: CVE-2025-24200

3. March: CVE-2025-24201

4. April: CVE-2025-31200 and CVE-2025-31201

5. August: CVE-2025-43300 (the current one)

And that’s not all. In 2024, the company also had to deal with six actively exploited zero-day vulnerabilities, recorded in:

1. January

2. March (2 vulnerabilities)

3. May

4. November (2 vulnerabilities)

This situation highlights a crucial truth: not even the most secure systems are immune to attacks. The best defense users have is to always keep their devices up to date.