Security vulnerability puts Apple users at risk

Actively exploited security vulnerability puts Apple users at risk

Emergency updates close an actively exploited vulnerability in iOS, iPadOS and macOS. Users should patch urgently.

Apple closed a dangerous security vulnerability in iOS, iPadOS and macOS with an emergency update on August 20. As the company explains in a security announcement, there are indications that the vulnerability is already being exploited as part of an "extremely sophisticated attack on certain individuals". Users should therefore promptly install the latest security updates to protect themselves against possible attacks.

The vulnerability in question is registered as CVE-2025-43300 and, according to Apple, affects the Image I/O framework, which enables applications to read and write various image file formats. Processing a specially crafted image file can result in memory corruption.

According to the information provided, this is an out-of-bounds write (CWE-787) flaw. Such vulnerabilities can often be exploited to manipulate memory contents such as return addresses and thus interfere with the program flow. The possible result is execution of malicious code by the attacker.

No details known yet

Apple has not provided any technical details about the security vulnerability or the observed attacks in its announcement. However, this is not unusual. Such information is usually only made available to the public weeks later. This gives users enough time to apply the patches provided before other attackers can exploit the vulnerability for their own purposes.

According to Apple, the problem has been solved by improved bounds checking. The patch is distributed via the operating system versions iOS and iPadOS 18.6.2, iPadOS 17.7.10 as well as macOS Sequoia 15.6.1, Sonoma 14.7.8 and Ventura 13.7.8. Users should update their Apple devices accordingly in order to be protected against the current attacks.
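To illustrate the bug class and the kind of fix described above, here is an added example that is not Apple's code and does not reflect the undisclosed details of CVE-2025-43300. It assumes a constructed toy run-length image format and hypothetical function names, and shows a decoder that trusts the file next to one that checks every write against the buffer size.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed toy format (not a real image format, not Apple's code):
 * byte 0 = width, byte 1 = height, then (count, value) run-length pairs. */
/* Unchecked: trusts that the runs add up to width*height. A file whose
 * runs exceed that writes past the end of `out` (CWE-787). */
uint8_t *decode_unchecked(const uint8_t *in, size_t len, size_t *out_len) {
    if (len < 2) return NULL;
    size_t cap = (size_t)in[0] * in[1], pos = 0;
    uint8_t *out = malloc(cap ? cap : 1);
    if (!out) return NULL;
    for (size_t i = 2; i + 1 < len; i += 2) {
        memset(out + pos, in[i + 1], in[i]);   /* no check against cap */
        pos += in[i];
    }
    *out_len = pos;
    return out;
}

/* Checked: every run is validated against the space left in the buffer,
 * and a file that does not fill the image exactly is rejected. */
uint8_t *decode_checked(const uint8_t *in, size_t len, size_t *out_len) {
    if (len < 2 || (len - 2) % 2 != 0) return NULL;
    size_t cap = (size_t)in[0] * in[1], pos = 0;
    if (cap == 0) return NULL;
    uint8_t *out = malloc(cap);
    if (!out) return NULL;
    for (size_t i = 2; i < len; i += 2) {
        size_t run = in[i];
        if (run == 0 || run > cap - pos) { free(out); return NULL; }
        memset(out + pos, in[i + 1], run);
        pos += run;
    }
    if (pos != cap) { free(out); return NULL; }
    *out_len = cap;
    return out;
}

/* Constructed samples: both declare 4x2 pixels; BAD carries 8 + 200. */
static const uint8_t GOOD[] = {4, 2, 5, 0xAA, 3, 0xBB};
static const uint8_t BAD[]  = {4, 2, 8, 0xAA, 200, 0xBB};

int main(void) {
    size_t n = 0;
    uint8_t *ok = decode_checked(GOOD, sizeof GOOD, &n);
    return (ok != NULL && decode_checked(BAD, sizeof BAD, &n) == NULL) ? 0 : 1;
}
```

The comparison `run > cap - pos` is written so that it cannot wrap around, which `pos + run > cap` could do with larger integer fields.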

Found on https://www.golem.de/news/iphone-ipad-und-mac-aktiv-ausgenutzte-sicherheitsluecke-gefaehrdet-apple-nutzer-2508-199391.html