Apple fixes new zero-day flaw exploited in targeted attacks

Threat Score:
70
BleepingComputer
13 hours ago

Overview

Apple fixes new zero-day flaw exploited in targeted attacks Sergiu Gatlan August 20, 2025 02:44 PM 0 Apple has released emergency updates to patch another zero-day vulnerability that was exploited in an "extremely sophisticated attack." Tracked as CVE-2025-43300, this security flaw is caused by anout-of-bounds write weaknessdiscovered by Apple security researchers in the Image I/O framework, which enables applications to read and write most image file formats. An out-of-bounds write occurs when ...

Related Articles

5 articles
1

Apple Confirms Critical 0-Day Under Active Attack – Immediate Update Urged

GB Hackers 2 hours ago

Apple Confirms Critical 0-Day Under Active Attack – Immediate Update Urged Apple has issued an emergency security update for iOS 18.6.2 and iPadOS 18.6.2 to address a critical zero-day vulnerability that the company confirms is being actively exploited in sophisticated attacks against targeted individuals. The update,releasedon August 20, 2025, patches a severe flaw in the ImageIO component that could allow attackers to execute malicious code through specially crafted image files. Critical Vulne

Score
88
Read more
2

Critical Flaw in Apache Tika PDF Parser Exposes Sensitive Data to Attackers

GB Hackers 2 hours ago

Critical Flaw in Apache Tika PDF Parser Exposes Sensitive Data to Attackers A critical XML External Entity (XXE) vulnerability has been discovered in Apache Tika’s PDF parser module, potentially allowing attackers to access sensitive data and compromise internal systems. The flaw, tracked as CVE-2025-54988, affects a wide range of Apache Tika deployments and has prompted immediate security advisories from theApache Software Foundation. The security flaw resides in the PDFParser’s handling of XFA

Score
86
Read more
3

Critical Apache Tika PDF Parser Vulnerability Allow Attackers to Access Sensitive Data

Cybersecurity News 1 hour ago

A critical security vulnerability has been discovered in Apache Tika’s PDF parser module that could enable attackers to access sensitive data and trigger malicious requests to internal systems.  The flaw, designated as CVE-2025-54988, affects multiple versions of the widely used document parsing library and has been assigned a critical severity rating by security researchers. Key […]

Score
84
Read more
5

Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks

The Hacker News 3 hours ago

Apple has released security updates to address a security flaw impacting iOS, iPadOS, and macOS that it said has come under active exploitation in the wild. The zero-day out-of-bounds write vulnerability, tracked as CVE-2025-43300, resides in theImageIO frameworkthat could result in memory corruption when processing a malicious image. "Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals," the company said i

Score
83
Read more