Apple backports fix for actively exploited CVE-2025-43300
In August 2025, Apple addressed the actively exploited zero-day CVE-2025-43300 in iOS, iPadOS, and macOS. The vulnerability is an out-of-bounds write issue in the ImageIO framework; an attacker could exploit it to cause memory corruption when a malicious image is processed.
“Processing a malicious image file may result in memory corruption,” reads the advisory published by the tech giant. “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”
WhatsApp recently confirmed that attackers chained CVE-2025-55177 with CVE-2025-43300 in spyware campaigns targeting fewer than 200 people. Apple patched the flaws in recent iOS, iPadOS, and macOS updates, including older versions.
To read the complete article see: Security Affairs!