What is the Apple zero-day vulnerability that was actively exploited?

Apple has patched a zero-day vulnerability that is an out-of-bounds write flaw in the Image I/O framework. This vulnerability has been actively exploited in targeted attacks against specific individuals. Processing a malicious image file could result in memory corruption, potentially allowing attackers to gain unauthorized access to devices.

What is CVE-2025-43300 and does it have an official CVE number?

While referenced as CVE-2025-43300, no official CVE number has been assigned to this Apple Image I/O vulnerability yet.

Which Apple devices are affected by the Image I/O vulnerability?

Affected devices include iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, iPad mini 5th generation and later, and Mac computers running macOS Sequoia, macOS Sonoma, and macOS Ventura.

What are the patched versions for the Apple Image I/O vulnerability?

The patched versions are iOS 18.6.2 and iPadOS 18.6.2 for mobile devices, iPadOS 17.7.10 for older iPad models, and macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8 for Mac computers.

Who is behind the attacks exploiting this Apple vulnerability?

Apple acknowledged being aware that this issue may have been exploited in extremely sophisticated attacks against specific targeted individuals. The targeting nature suggests the exploit is used either by state-sponsored attackers or government agencies.

What should Apple users do about this Image I/O vulnerability?

Apple strongly recommends all users install the security updates immediately. Given the targeting nature of the attacks and the sophisticated threat actors involved, patching should be a priority for all users.

Advisory

Apple releases updates for actively exploited zero-day vulnerability in ImageIO framework

Q: What is Apple's Image I/O framework?

Apple's ImageIO framework is a core component that enables applications to read and write most common image file formats across iOS, iPadOS, and macOS systems.

published: Aug. 21, 2025

Take action: This one is important. If Apple thinks a single vulnerability is worth releasing new versions of iOS, iPadOS and macOS, you should consider the patch VERY IMPORTANT. Don't delay, update your devices, use the hour while they are updating for a short walk. Best for both you and computer.

Learn More

Apple has released emergency security updates to patch a zero-day vulnerability that has been actively exploited in targeted attacks.

The flaw is tracked as CVE-2025-43300 (no CVE assigned yet) and is an out-of-bounds write vulnerability in the Image I/O framework. Apple's ImageIO framework, is a core component that enables applications to read and write most common image file formats across iOS, iPadOS, and macOS systems. An out-of-bounds write occurs when attackers cause a program it to write data outside the allocated memory buffer, which can lead to memory corruption, program crashes, data corruption, or in the worst-case scenario, arbitrary code execution.

Apple acknowledged that they are "aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals." Processing a malicious image file could result in memory corruption, potentially allowing attackers to gain unauthorized access to devices, execute surveillance, or compromise system integrity.

Affected devices include

iPhone XS and later,
iPad Pro 13-inch,
iPad Pro 12.9-inch 3rd generation and later,
iPad Pro 11-inch 1st generation and later,
iPad Air 3rd generation and later,
iPad 7th generation and later,
iPad mini 5th generation and later.
Mac computers running macOS Sequoia, macOS Sonoma, and macOS Ventura.

The patched versions are

iOS 18.6.2 and iPadOS 18.6.2 for mobile devices,
iPadOS 17.7.10 for older iPad models,
macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8 for Mac computers.

Apple strongly recommends all users install the security updates immediately. The targeting nature of attacks means the exploit is used either by state sponsored attackers or government agencies. Either way, patching should be a priority.

Update - as of 16th of September 2025, Apple has released security updates to backport patches released last month to older iPhones and iPads. Apple has now addressed this zero-day flaw in iOS 15.8.5 / 16.7.12, as well as iPadOS 15.8.5 / 16.7.12

Apple releases updates for actively exploited zero-day vulnerability in ImageIO framework

Read More
AMD Zen systems vulnerable to 'Inception' data leak …
Critical macOS SMBClient flaws enable remote code execution
CISA warns of active exploitation of Windows SMB …
Google Chrome 145 Update Patches 11 Vulnerabilities Including …
Apple releases emergency updates for two new WebKit …