Redazione RHC : 21 August 2025 08:50
Apple has released an urgent security patch for iOS and iPadOS to address a critical zero-day vulnerability. This vulnerability, identified as CVE-2025-43300, has been confirmed to be actively exploited in highly targeted attacks.
The urgent patches, released as iOS 18.6.2 and iPadOS 18.6.2, address a memory corruption vulnerability that could be triggered by processing a specially crafted image file.
The primary issue is an out-of-bounds write within the ImageIO framework, a critical component of how Apple operating systems handle and render various image formats.
According to Apple’s security advisory, the company is “aware of a report that this issue could have been exploited in a highly sophisticated attack targeting specific individuals.”
By sending a malicious image, an attacker could write data outside the intended memory buffer. This type of memory corruption flaw is a classic vector for arbitrary code execution, potentially allowing an attacker to take full control of an affected device.
This attack pattern is similar to previous zero-click exploits used to deploy surveillance tools like Pegasus, in which victims are compromised simply by receiving a file via a messaging app, without any user interaction.
Apple’s released patches cover:
Active exploitation of CVE-2025-43300 transforms it from a theoretical risk to a clear and present danger for users of unpatched devices.