Apple has issued security updates to address a security flaw affecting iOS, iPadOS, and macOS that it said has come under active exploitation in the wild.
The zero-day, an out-of-bounds write vulnerability tracked as CVE-2025-43300, resides in the ImageIO framework and can result in memory corruption when processing a malicious image.
The company said in an advisory, “Apple knows about a report that the issue may have been exploited in a highly sophisticated attack against specific targeted individuals.”
The iPhone maker stated that the bug was discovered internally and that it was addressed with improved bounds checking. The following versions address the security defect:
- iOS 18.6.2 and iPadOS 18.6.2 – iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
- iPadOS 17.7.10 – iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
- macOS Ventura 13.7.8 – Macs running macOS Ventura
- macOS Sonoma 14.7.8 – Macs running macOS Sonoma
- macOS Sequoia 15.6.1 – Macs running macOS Sequoia
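For fleet triage, the fixed versions listed above can be checked against a device inventory. The following is an added example, not Apple's tooling or part of the original article; the function names and the sample inventory are constructed for illustration, and a release branch that is not in the list is reported as unknown rather than assumed safe.

```python
# Added example: fixed versions are taken from the list above; the inventory
# rows and all function names are constructed for illustration.
FIXED = {
    ("ios", 18): (18, 6, 2),
    ("ipados", 18): (18, 6, 2),
    ("ipados", 17): (17, 7, 10),
    ("macos", 13): (13, 7, 8),
    ("macos", 14): (14, 7, 8),
    ("macos", 15): (15, 6, 1),
}

def parse_version(text):
    """Turn '17.7.10' into (17, 7, 10), padding to three fields."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def status(os_name, version):
    """Return 'patched', 'unpatched' or 'unknown' for one device."""
    installed = parse_version(version)
    fixed = FIXED.get((os_name.lower(), installed[0]))
    if fixed is None:
        # Release branch not in the list above: make no claim either way.
        return "unknown"
    # Tuple comparison is numeric, so 17.7.10 sorts after 17.7.9
    # (a plain string comparison would order them the wrong way round).
    return "patched" if installed >= fixed else "unpatched"

def audit(inventory):
    """Map each host name to its status."""
    return {host: status(os_name, ver) for host, os_name, ver in inventory}

# Constructed sample inventory: (host, OS, installed version).
SAMPLE = [
    ("iphone-01", "iOS", "18.6.1"),
    ("ipad-02", "iPadOS", "17.7.10"),
    ("ipad-03", "iPadOS", "17.7.9"),
    ("mac-04", "macOS", "15.6.1"),
    ("mac-05", "macOS", "14.7"),
    ("mac-06", "macOS", "12.7.6"),
]

if __name__ == "__main__":
    for host, result in audit(SAMPLE).items():
        print(f"{host}: {result}")
```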
It is not currently known who is behind the attacks and who may have been targeted, but it is likely that the vulnerability has been weaponized as part of highly targeted attacks.
With the latest update, Apple has fixed a total of seven zero-days so far that have been abused in real-world attacks since the beginning of the year: CVE-2025-24085, CVE-2025-24200, CVE-2025-24201, CVE-2025-31200, CVE-2025-31201201, CVE-4325.
Last month, the company also issued patches for a Safari vulnerability residing in an open-source component (CVE-2025-6558), which Google said had been exploited as a zero-day in the Chrome web browser.