Apple Patches Critical Zero-Day Flaw in “Extremely Sophisticated Attack”

Apple has released a critical security update to address a newly discovered zero-day vulnerability that was actively exploited in what the company describes as an extremely sophisticated attack against specific targeted individuals. This flaw, identified as CVE-2025-43300, involves an out-of-bounds write issue within the Image I/O framework, a component used by both iOS and macOS. If exploited, the vulnerability allows malicious image files to trigger memory corruption, potentially giving attackers the ability to execute arbitrary code on affected devices.

The issue stems from improper bounds checking when processing certain image formats, enabling threat actors to craft specially designed files that compromise system integrity. Apple has resolved the problem by implementing enhanced input validation and memory management protocols in the latest software versions. While the company has not disclosed the identity of the attackers or the exact nature of the campaigns, the targeted nature of the incidents suggests the deployment of advanced spyware aimed at high-value targets.

Although these attacks appear to have been narrowly focused, the underlying vulnerability poses a risk to all users whose devices remain unpatched. Apple urges customers to install the latest updates immediately to protect against potential exploitation. Security experts emphasize that even highly selective attacks can sometimes serve as testing grounds for broader campaigns, making prompt patching essential for all iPhone, iPad, and Mac users.

Staying informed about emerging threats is crucial in today’s digital environment. Subscribing to reliable cybersecurity alerts can help users and organizations respond quickly to new vulnerabilities and reduce their exposure to risk.

(Source: HelpNet Security)