Apple has released emergency updates to address a critical zero-day vulnerability, tracked as CVE-2025-43300, that has been exploited in what has been described as an 'extremely sophisticated attack' targeting specific individuals. The vulnerability affects the Image I/O framework, utilized by both iOS and macOS operating systems. Apple disclosed that the flaw results from an out-of-bounds write issue, which could lead to memory corruption when processing malicious image files. As part of its response, Apple has rolled out updates for various platforms, including iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8. The company stated, 'Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.' Given the potential severity of the exploitation, which could allow for remote code execution, the company advises all users to upgrade their devices immediately. The attacks appear to have been limited to specific individuals, possibly indicating an espionage motive, although details on the actors behind the attacks have not yet been disclosed. Security experts emphasize the importance of timely updates, especially as the vulnerability could lead to significant risks for users. 'An out-of-bounds write issue was addressed with improved bounds checking,' Apple noted in its advisories. This proactive measure aims to prevent further exploitation of the flaw. The vulnerability's presence in both older and newer Apple devices highlights the ongoing risks associated with software vulnerabilities and the critical need for users to maintain updated systems. As a precaution, Apple continues to monitor the situation closely, and cybersecurity professionals recommend that users remain vigilant against potential phishing or other targeted attacks that could exploit similar vulnerabilities in the future.
