
Apple has released an urgent security patch for iOS and iPadOS to address a critical zero-day vulnerability. This vulnerability, identified as CVE-2025-43300, has been confirmed to be actively exploited in highly targeted attacks.
The urgent patches, released as iOS 18.6.2 and iPadOS 18.6.2, address a memory corruption vulnerability that could be triggered by processing a specially crafted image file.
The primary issue is an out-of-bounds write within the ImageIO framework, a critical component of how Apple operating systems handle and process various image formats.
According to Apple’s security advisory, the company is “aware of a report that this issue could have been exploited in a highly sophisticated attack targeting specific individuals.”
By sending a malicious image, an attacker could write data outside the intended memory buffer. This type of memory corruption flaw is a classic vector for arbitrary code execution, potentially allowing an attacker to take full control of an affected device.
This attack pattern is similar to previous zero-click exploits used to deploy surveillance tools like Pegasus, in which victims are compromised simply by receiving a file via a messaging app, without any user interaction.
Apple’s released patches cover:
Active exploitation of CVE-2025-43300 transforms it from a theoretical risk to a clear and present danger for users of unpatched devices.
