Apple has issued an emergency update to fix a critically vulnerable zero-day exploit in its ImageIO framework, which affects iOS, iPadOS, macOS, Sonoma, and Ventura devices. The fix was released on August 20 for affected versions of these operating systems.
The vulnerability, designated as CVE-2025-43300, is an out-of-bounds write issue in the ImageIO framework. This component app is responsible for reading and writing standard image formats across Apple's devices. The flaw allows attackers to hijack devices with a maliciously crafted image file, which can lead to memory corruption.
According to Apple, the vulnerability has been actively exploited in targeted attacks against specific individuals. This type of attack is designed to be stealthy, allowing attackers to spy on users and steal sensitive data without their knowledge or consent. In this case, a sophisticated hacking group may have abused the vulnerability as part of its malicious activities.
Apple credits its own security team with discovering the vulnerability and has since tightened bounds checking to close the hole. Fixes were made available on August 20 for iOS and iPadOS 18.6.2, macOS Sequoia 15.6.1, Sonoma 14.7.8, and Ventura 13.7.8.
This fix is the latest in a series of emergency updates from Apple this year. Just last month, the company issued a patch for another exploited zero-day vulnerability, which allowed attackers to compromise devices by sending malicious image or video links through iCloud. Researchers linked that attack to Paragon's Graphite spyware.
While most users may not be directly affected by this latest fix, it serves as a reminder of the importance of keeping your device up-to-date and vigilant about online threats. If you're concerned about being targeted by sophisticated attacks, it's likely that you already have measures in place to protect yourself.
If your device runs on iOS, iPadOS, or macOS, install the latest available build as soon as possible. This will help ensure your device remains secure against known vulnerabilities and minimize potential risks.