THREAT ALERT

Friday, August 22nd, 2025


Apple has released emergency updates to patch another zero-day vulnerability that was exploited in an “extremely sophisticated attack.” This flaw affects various devices, including the latest iPhone, iPad, and Mac models.

 

Please see the below information regarding important security updates from Apple.


Summary 

Apple has released emergency security updates to patch a zero-day vulnerability, CVE-2025-43300, found in the Image I/O framework. The flaw, an out-of-bounds write weakness, could allow attackers to corrupt memory or execute malicious code by tricking a device into processing a malicious image file. Apple reports the bug was exploited in an “extremely sophisticated attack” targeting specific individuals. The company has fixed the issue with improved bounds checking in.

The shortcoming impacts the following devices:

  • iOS 18.6.2
  • iPadOS 18.6.2/17.7.10
  • macOS Sequoia 15.6.1
  • macOS Sonoma 14.7.8
  • macOS Ventura 13.7.8

 The vulnerability affects a wide range of devices, including iPhone XS and later, multiple iPad models (from iPad Pro 12.9-inch 2nd gen up through the latest), iPad mini 5 and later, and Macs running the latest three macOS versions.

Apple has not shared information about the attackers or the campaign but is urging all users to update right away. Although this vulnerability appears to be used mainly in highly targeted attacks, installing today’s security updates promptly is strongly recommended to reduce the risk of ongoing exploitation.

DefenseStorm Response 

DefenseStorm recommends that everyone review the Apple security pages to determine whether they are impacted and apply all necessary patches.
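For teams checking a device inventory against this alert, the following is an added example (not DefenseStorm or Apple code) that sorts devices by reported OS version. It assumes each release listed above is the update on its branch that carries the fix; the hostnames and inventory rows are constructed.

```python
# Added example: triage a device inventory against the releases named in this alert.
# Assumption: each listed release is the first build on its branch carrying the fix.
FIXED = {
    ("iOS", 18): (18, 6, 2),
    ("iPadOS", 18): (18, 6, 2),
    ("iPadOS", 17): (17, 7, 10),
    ("macOS", 15): (15, 6, 1),
    ("macOS", 14): (14, 7, 8),
    ("macOS", 13): (13, 7, 8),
}

def parse_version(text):
    """'18.6' -> (18, 6, 0). Numeric tuples avoid the string trap '17.7.9' > '17.7.10'."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def triage(platform, version):
    """Return 'patched', 'update-required', or 'not-listed' for one device."""
    ver = parse_version(version)
    fixed = FIXED.get((platform, ver[0]))
    if fixed is None:
        # Branch not named in the alert (older or newer major release):
        # check Apple's security pages by hand rather than guessing.
        return "not-listed"
    return "patched" if ver >= fixed else "update-required"

# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    ("teller-ipad-01", "iPadOS", "17.7.9"),
    ("exec-iphone-03", "iOS", "18.6.2"),
    ("loan-mbp-12", "macOS", "15.6"),
    ("lobby-imac-02", "macOS", "12.7.6"),
    ("branch-ipad-07", "iPadOS", "18.6.1"),
]

def report(inventory):
    """Group hostnames by triage result."""
    out = {"patched": [], "update-required": [], "not-listed": []}
    for host, platform, version in inventory:
        out[triage(platform, version)].append(host)
    return out

if __name__ == "__main__":
    for status, hosts in report(INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Devices reported as not-listed run a major release the alert does not name and need a manual check against Apple's security pages.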

 

 

Diana Rodriguez

Cyber Threat Intelligence Engineer
