Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks
Apple has released security updates to fix a vulnerability affecting iOS, iPadOS, and macOS that it says has been actively exploited in the wild.

The zero-day, tracked as CVE-2025-43300 (CVSS score: 8.8), is an out-of-bounds write vulnerability in the ImageIO framework that may cause memory corruption when processing a malicious image.
“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,” an alert from the firm stated.
According to the iPhone manufacturer, the flaw was found internally and fixed with enhanced bounds checking. The security flaw is fixed in the following versions:

| Fixed version | Devices |
| --- | --- |
| iOS 18.6.2 and iPadOS 18.6.2 | iPad Air 3rd generation and later, iPad 7th generation and later, iPad mini 5th generation and later, iPad Pro 13-inch, iPad Pro 12.9-inch, iPad Pro 11-inch, and iPhone XS and later |
| iPadOS 17.7.10 | Second-generation iPad Pro 12.9-inch, first-generation iPad Pro 10.5-inch, and sixth-generation iPad |
| macOS Ventura 13.7.8 | Macs running macOS Ventura |
| macOS Sonoma 14.7.8 | Macs running macOS Sonoma |
| macOS Sequoia 15.6.1 | Macs running macOS Sequoia |

Although the attackers and potential targets are unknown at this time, it is likely that the vulnerability has been used as a component of highly targeted attacks.

With the most recent update, Apple has patched seven zero-day vulnerabilities since the beginning of the year. In addition to CVE-2025-43300, they are CVE-2025-24085, CVE-2025-24200, CVE-2025-24201, CVE-2025-31200, CVE-2025-31201, and CVE-2025-43200.
Additionally, the company released fixes last month for a Safari vulnerability (CVE-2025-6558) that, according to Google, had been exploited as a zero-day in the Chrome web browser.
About The Author:
Yogesh Naager is a content marketer who specializes in the cybersecurity and B2B space. Besides writing for the News4Hackers blogs, he also writes for brands including Craw Security, Bytecode Security, and NASSCOM.