Apple has released security updates to address a vulnerability (CVE-2025-43300) which could allow remote attackers to execute arbitrary code via a malicious image file.
Severity level:-
CVSS Score: N/A
Description:-
Apple ImageIO is a framework used across Apple platforms for handling image data. CVE-2025-43300 is an out-of-bounds write issue that can be triggered when a vulnerable device processes a malicious image file. This flaw may result in memory corruption, potentially allowing attackers to execute arbitrary code. Apple has acknowledged reports that this vulnerability may have been exploited in highly targeted attacks against specific individuals.
Affected Versions:-
- macOS Sonoma before version 14.7.8.
- macOS Ventura before version 13.7.8.
- macOS Sequoia before version 15.6.1.
- iOS before version 18.6.2.
- iPadOS before version 17.7.10 and 18.6.2.
Impact:-
Successful exploitation may result in arbitrary code execution.
Resolution:-
Please update to the following patched versions:
- macOS Sonoma 14.7.8 or later.
- macOS Ventura 13.7.8 or later.
- macOS Sequoia 15.6.1 or later.
- iOS 18.6.2 or later.
- iPadOS 17.7.10 or 18.6.2 or later.
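The following is an added example, not part of the original advisory: a small triage script that checks a device inventory against the patched versions listed above, comparing versions numerically so that 17.7.10 sorts after 17.7.9. The CSV layout, host names and status labels are assumptions made for the example; branches older than any listed fix are reported as "no-listed-fix" for manual review.

```python
import csv
import io

# Patched releases from the advisory's Resolution list, keyed by platform
# and then by major-version branch.
PATCHED = {
    "macOS": {13: (13, 7, 8), 14: (14, 7, 8), 15: (15, 6, 1)},
    "iOS": {18: (18, 6, 2)},
    "iPadOS": {17: (17, 7, 10), 18: (18, 6, 2)},
}

def parse_version(text):
    """Turn '15.6' into (15, 6, 0) so comparison is numeric, not lexical."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version string: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def status(platform, version):
    """Classify one device against the advisory's patched versions."""
    branches = PATCHED.get(platform)
    if branches is None:
        return "unknown-platform"
    v = parse_version(version)
    if v[0] in branches:
        return "patched" if v >= branches[v[0]] else "vulnerable"
    if v[0] > max(branches):
        return "patched"        # newer than every listed fix ("or later")
    return "no-listed-fix"      # assumption: older branch, review by hand

def triage(inventory_csv):
    """Return (host, platform, version, status) for each inventory row."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [(r["host"], r["platform"], r["version"],
             status(r["platform"], r["version"])) for r in rows]

# Constructed sample inventory (hypothetical host names).
SAMPLE = """host,platform,version
mac-01,macOS,15.6
mac-02,macOS,14.7.8
mac-03,macOS,12.7.6
ipad-01,iPadOS,17.7.9
ipad-02,iPadOS,17.7.10
phone-01,iOS,18.6.2
"""

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row, sep="\t")
```

On a single Mac, the version string to feed into `status("macOS", ...)` is the output of `sw_vers -productVersion`.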
References:-
https://nvd.nist.gov/vuln/detail/CVE-2025-43300
https://support.apple.com/en-us/100100
https://www.cyber.gc.ca/en/alerts-advisories/apple-security-advisory-av25-533
