Apple releases security updates for iOS, iPadOS, and macOS after discovery of active exploitation of CVE-2025-43300 vulnerability

Apple releases security updates for iOS, iPadOS, and macOS after discovery of active exploitation of CVE-2025-43300 vulnerability Apple has released urgent updates for iOS, iPadOS, and macOS, fixing a zero-day vulnerability CVE-2025-43300, which was already actively used by attackers in targeted attacks against individual users.

The vulnerability was discovered in the ImageIO framework – an out-of-bounds write error could occur when processing a malicious image, leading to memory corruption. This opened the possibility of executing arbitrary code on a victim’s device.
Apple noted that the issue was resolved due to improved bounds checking, and the vulnerability itself was discovered by internal researchers.

The updates are now available to users:

• iOS 18.6.2 and iPadOS 18.6.2 – for iPhone XS and later, iPad Pro (13, 12.9, 11 inches), iPad Air 3rd generation and later, iPad mini 5th generation;

• iPadOS 17.7.10 – for iPad Pro 12.9″ 2nd generation, iPad Pro 10.5″, iPad 6th generation;

• macOS Ventura 13.7.8, Sonoma 14.7.8 and Sequoia 15.6.1 – for eligible systems.

While Apple has not disclosed details of the attacks or the organizations behind them, experts are confident that the exploit was used in high-precision targeted operations. Since the beginning of 2025, the company has already fixed at least seven zero-day vulnerabilities, including CVE-2025-24085, CVE-2025-24200, CVE-2025-31200, and others. Last month, Apple closed another critical flaw in Safari (CVE-2025-6558), which Google discovered during active use in Chrome.

This demonstrates the continued interest of hackers in Apple products and the importance of regular system updates.

Users are strongly advised to immediately update their devices to the latest versions of iOS, iPadOS, and macOS. Zero-day CVE-2025-43300 is already being used in real attacks, so delaying could lead to data loss or complete device compromise.