Apple Zero-day Vulnerability - 20250821002¶
Overview¶
Apple has released emergency security updates to address a newly discovered zero-day vulnerability, CVE-2025-43300, found in the Image I/O framework, which handles image file processing across Apple devices.
The flaw is an out-of-bounds write issue, meaning malicious image files could cause memory corruption and potentially allow remote code execution when a malicious image file is processed.
What is vulnerable?¶
| Product(s) and Version(s) Affected | CVE | CVSS | Severity |
|---|---|---|---|
| iOS and iPadOS prior to 18.6.2 macOS Sequoia prior to 15.6.1 macOS Sonoma prior to 14.7.8 macOS Ventura proir to 13.7.8 |
CVE-2025-43300 | TBD | TBD |
What has been observed?¶
Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals. The WA SOC has not received any reports of exploitation of this vulnerability on Western Australian Government networks at the time of writing.
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframes (refer Patch Management):