Apple Fixes Actively Exploited Zero-Day CVE-2025-43300 in iOS, iPadOS, and macOS


Apple has rolled out urgent security updates after discovering a zero-day vulnerability (CVE-2025-43300) being used in sophisticated targeted attacks.

The flaw resides in the ImageIO framework and can trigger memory corruption when processing a malicious image, potentially giving attackers a way to compromise affected devices.

Versions Fixed

  • iOS / iPadOS 18.6.2 – iPhone XS and later, iPad Pro & newer iPads
  • iPadOS 17.7.10 – select iPad Pro models
  • macOS Ventura 13.7.8
  • macOS Sonoma 14.7.8
  • macOS Sequoia 15.6.1

Apple confirmed that the issue has already been used in highly targeted attacks against specific individuals. This marks the 7th zero-day patched by Apple in 2025, following a string of vulnerabilities across iOS, macOS, and Safari.

Why This Matters

Zero-day vulnerabilities are extremely valuable to attackers as they exploit unknown flaws before vendors can provide a patch. Even if this attack seems targeted, history demonstrates that such vulnerabilities can quickly escalate into broader campaigns if not addressed.

What You Should Do

  • Update all iPhones, iPads, and Macs immediately.
  • Encourage employees and partners to apply patches across their devices.
  • Maintain a proactive security posture to respond quickly to zero-day risks.
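
To turn the update advice into a fleet check, the added example below (not Apple's or Alcaeus's code) compares a device inventory against the fixed versions listed above. The inventory rows, host names, and status labels are constructed for illustration; a release line the list above does not mention is reported as "not-listed" rather than guessed at.

```python
# Added example: flag devices still below the CVE-2025-43300 fixed versions.
# The table mirrors the "Versions Fixed" list on this page, keyed by OS and major version.
FIXED = {
    ("iOS", 18): (18, 6, 2),
    ("iPadOS", 18): (18, 6, 2),
    ("iPadOS", 17): (17, 7, 10),
    ("macOS", 13): (13, 7, 8),
    ("macOS", 14): (14, 7, 8),
    ("macOS", 15): (15, 6, 1),
}

def parse_version(text):
    """Turn '17.7.10' into (17, 7, 10); pad short forms so '15.6' becomes (15, 6, 0)."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def assess(os_name, version_text):
    """Return 'patched', 'needs-update', 'not-listed', or 'unparseable'."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparseable"
    fixed = FIXED.get((os_name, version[0]))
    if fixed is None:
        # This page names no fixed build for that release line.
        return "not-listed"
    # Tuple comparison is numeric, so 17.7.10 correctly sorts above 17.7.9
    # (a plain string comparison would get this wrong).
    return "patched" if version >= fixed else "needs-update"

# Constructed inventory rows: (host, OS name, reported OS version).
INVENTORY = [
    ("ipad-lobby", "iPadOS", "17.7.9"),
    ("ipad-lab", "iPadOS", "17.7.10"),
    ("mbp-finance", "macOS", "15.6"),
    ("imac-design", "macOS", "14.7.8"),
    ("iphone-old", "iOS", "17.7.2"),
    ("mdm-gap", "macOS", "unknown"),
]

def report(inventory):
    return {host: assess(os_name, ver) for host, os_name, ver in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:12} {status}")
```

Devices reported as "not-listed" or "unparseable" need manual follow-up, since the list above does not say whether a fix exists for them.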

🔐 How Alcaeus Can Help
At Alcaeus, we specialize in helping organizations mitigate zero-day threats by:

  • Implementing patch management policies
  • Providing 24/7 monitoring & incident response
  • Delivering security awareness & advisory services

👉 Contact us to learn how we can strengthen your resilience against evolving cyber threats.
