Full Report
Apple has released emergency updates to patch another zero-day vulnerability that was exploited in an "extremely sophisticated attack." [...]
Analysis Summary
# Vulnerability: Apple Image I/O Out-of-Bounds Write Zero-Day Under Attack
## CVE Details
- CVE ID: CVE-2025-43300
- CVSS Score: Not explicitly listed, but described as part of an "extremely sophisticated attack."
- CWE: CWE-787 (Out-of-bounds Write)
## Affected Systems
- Products: iOS, iPadOS, macOS
- Versions:
- iOS/iPadOS: Earlier than 18.6.2 or 17.7.10
- macOS: Earlier than Sequoia 15.6.1, Sonoma 14.7.8, or Ventura 13.7.8
- Configurations: Any device capable of processing malicious image files via the Image I/O framework.
- Affected Devices include iPhone XS and later, various iPad models (Pro, Air, base), and Macs running Sequoia, Sonoma, and Ventura.
## Vulnerability Description
This vulnerability is an **out-of-bounds write** weakness located in Apple's **Image I/O framework**. An attacker can exploit this flaw by supplying a specially crafted, malicious image file. Successful exploitation allows an attacker to write data outside of the memory buffer allocated for the image processing, leading to memory corruption. In severe cases, this could lead to program crashes or remote code execution (RCE).
## Exploitation
- Status: Exploited in the wild (Actively exploited in a confirmed "extremely sophisticated attack against specific targeted individuals").
- Complexity: Implied to be low complexity for exploitation, given it is a file parsing vulnerability, but the actual attack targeting was highly sophisticated.
- Attack Vector: Network (Delivering the malicious image file)
## Impact
- Confidentiality: High (Potential for RCE allows full system compromise)
- Integrity: High (Memory corruption leading to arbitrary code execution)
- Availability: High (Potential for Denial of Service via application/system crash)
## Remediation
### Patches
- **iOS/iPadOS:** Update to version **18.6.2** or **17.7.10**.
- **macOS:** Update to version **Sequoia 15.6.1**, **Sonoma 14.7.8**, or **Ventura 13.7.8**.
### Workarounds
No specific workarounds were detailed, as patching is strongly advised due to active, targeted exploitation.
## Detection
- **Indicators of Compromise:** Not detailed in the article.
- **Detection methods and tools:** Monitoring for unusual processes spawned after an image file is opened or loaded via mail, messaging, or web browsing. Prompt installation of security updates is the primary defense.
## References
- Vendor Advisory (iOS/iPadOS): support.apple.com/en-us/124925 (Defanged)
- Vendor Advisory (iPadOS/Older): support.apple.com/en-us/124926 (Defanged)
- Vendor Advisory (macOS Sequoia): support.apple.com/en-us/124927 (Defanged)
- Vendor Advisory (macOS Sonoma): support.apple.com/en-us/124928 (Defanged)
- Vendor Advisory (macOS Ventura): support.apple.com/en-us/124929 (Defanged)