Apple patches high-severity zero-day vulnerability

On August 20th, Apple released an update for iOS, iPadOS, and macOS devices patching a zero-day vulnerability that was being used in an “extremely sophisticated attack against specific targeted individuals.”

The vulnerability, CVE-2025-43300, affects the Image I/O framework, which allows apps to open or write images. The framework contained an out-of-bounds write issue: processing a malicious image could crash the program or corrupt memory. In some cases, this kind of memory corruption can be used to run the attacker’s code with elevated permissions (Remote Code Execution), leading to serious compromise.

Apple fixed this vulnerability with improved bounds checking in the following operating systems:

  • iOS 18.6.2 and iPadOS 18.6.2
  • iPadOS 17.7.10
  • macOS Sequoia 15.6.1
  • macOS Sonoma 14.7.8
  • macOS Ventura 13.7.8
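To check a fleet against the list above, the following added example (not Apple's or Addigy's code) compares each device's OS version with the fixed release for its major branch. The inventory, host names, and status labels are constructed for illustration; treating a major release newer than any listed branch as outside the list is an assumption.

```python
# Minimum fixed versions, copied from the list above (per OS, per major branch).
FIXED = {
    "iOS": {18: (18, 6, 2)},
    "iPadOS": {17: (17, 7, 10), 18: (18, 6, 2)},
    "macOS": {13: (13, 7, 8), 14: (14, 7, 8), 15: (15, 6, 1)},
}

def parse_version(text):
    """Turn '15.6' into (15, 6, 0) so versions compare numerically.

    Numeric tuples matter here: as strings, '17.7.9' sorts after '17.7.10'.
    """
    parts = [int(p) for p in text.strip().split(".")]
    if len(parts) > 3:
        raise ValueError(f"unexpected version format: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def status(os_name, version):
    """Classify one device against the fixed versions for CVE-2025-43300."""
    branches = FIXED.get(os_name)
    if branches is None:
        return "unknown-os"
    v = parse_version(version)
    major = v[0]
    if major in branches:
        return "patched" if v >= branches[major] else "needs-update"
    if major > max(branches):
        # Assumption: a major release newer than every listed branch is not
        # covered by this list and must be checked against its own notes.
        return "newer-branch"
    # Older branch with no fixed release in the list above.
    return "no-fix-listed"

# Constructed sample inventory: (host, OS, reported version).
INVENTORY = [
    ("mac-01", "macOS", "15.6"),
    ("mac-02", "macOS", "14.7.8"),
    ("mac-03", "macOS", "12.7.6"),
    ("ipad-01", "iPadOS", "17.7.9"),
    ("iphone-01", "iOS", "18.6.2"),
]

def audit(inventory):
    """Return {host: status} for every device in the inventory."""
    return {host: status(os_name, ver) for host, os_name, ver in inventory}

if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(f"{host}: {result}")
```

Devices reported as `no-fix-listed` run a branch for which the list above names no fixed release, so updating within that branch does not address the issue.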

Apple has not released details on the nature of the attacks using this vulnerability. However, it is highly recommended to update as soon as possible to avoid potential exploitation.

Addigy provides a seamless update process to patch these devices to the latest version to mitigate this vulnerability. Find out more details about how to apply system updates here.
