Red Hot Cyber


WhatsApp and Apple in emergency: DNG bug allows remote control without clicking

Redazione RHC : 8 September 2025 17:21

On August 20, Apple released an unscheduled security update for all major operating systems: iOS, iPadOS, macOS, and other platforms. The patch addresses the CVE-2025-43300 vulnerability in the ImageIO module: a buffer overflow error that was addressed through stricter bounds checking during image processing. The vulnerability has received increasing attention: it has been reported as “exploited in real-world attacks” and as requiring no user intervention.

Separately, WhatsApp released a fix, noting that attackers could force the victim’s device to download a resource from an arbitrary URL and start processing it; this issue is believed to have been part of an exploit chain involving CVE-2025-43300.

Researchers quickly took the patch apart and identified its root cause. According to their data, the issue lies in the DNG format handler, in the handling of JPEG Lossless compression found within the “digital negative.” Analysis of the binaries pinpointed the modification in the RawCamera component within ImageIO. The new builds add an overflow check when decompressing image rows: checks have been added for the allocated buffer size, along with exception handling in case a write would exceed the valid area.

The root of the error is incorrect logic when unpacking frames: the code was driven by the number of “samples per pixel” and expected at least two components, while the actual number of components in the stream could have been one.

Due to this discrepancy, the unpacking loop overran and wrote data beyond the allocated memory limits. In terms of formats, we’re talking about DNG in its TIFF representation with strips, where the RowsPerStrip, StripOffsets, and StripByteCounts fields are used; because the unpacker failed to account for the components and sizes of the rows, it allowed a buffer overflow.
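The consistency check implied by this description, as an added example (not Apple's code and not the researchers' tooling): it reads the component count from the JPEG Lossless frame header (SOF3) and compares it with the SamplesPerPixel value declared in the TIFF metadata, and it shows an overflow-safe row-size test. All function names are hypothetical, and the caller is assumed to have already extracted SamplesPerPixel and the strip bytes from the file.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum strip_verdict { STRIP_OK, STRIP_MISMATCH, STRIP_MALFORMED };

/* Walk JPEG marker segments; return the component count (Nf) from the
 * lossless frame header SOF3 (0xFFC3), or -1 if it is absent or truncated. */
static int sof3_components(const uint8_t *p, size_t len)
{
    if (len < 4 || p[0] != 0xFF || p[1] != 0xD8)        /* must start with SOI */
        return -1;
    for (size_t i = 2; i + 4 <= len; ) {
        if (p[i] != 0xFF) return -1;                    /* lost marker sync */
        size_t seg = ((size_t)p[i + 2] << 8) | p[i + 3]; /* counts its own 2 bytes */
        if (seg < 2 || seg > len - i - 2) return -1;    /* segment runs past the data */
        if (p[i + 1] == 0xDA) return -1;                /* scan began before any SOF3 */
        if (p[i + 1] == 0xC3) {
            if (seg < 8) return -1;
            /* SOF length is 8 + 3 bytes per component; reject anything else */
            return seg == 8 + 3 * (size_t)p[i + 9] ? p[i + 9] : -1;
        }
        i += 2 + seg;
    }
    return -1;
}

/* Compare the TIFF SamplesPerPixel value with what the stream really carries. */
enum strip_verdict check_strip(uint16_t samples_per_pixel, const uint8_t *jpeg, size_t len)
{
    int nf = sof3_components(jpeg, len);
    if (nf <= 0) return STRIP_MALFORMED;
    return nf == samples_per_pixel ? STRIP_OK : STRIP_MISMATCH;
}

/* Overflow-safe test that one decoded row of 16-bit samples fits the buffer. */
int row_fits(size_t width, size_t components, size_t buf_bytes)
{
    if (components == 0 || width > SIZE_MAX / components) return 0;
    return width * components <= buf_bytes / sizeof(uint16_t);
}

/* Constructed header fragment (not from a real file): SOI + SOF3 with Nf = 1. */
static const uint8_t SAMPLE_SOF3_ONE_COMPONENT[] = {
    0xFF, 0xD8, 0xFF, 0xC3, 0x00, 0x0B, 0x10, 0x00, 0x02, 0x00, 0x02, 0x01, 0x01, 0x11, 0x00
};

int main(void)
{
    printf("verdict=%d\n", check_strip(2, SAMPLE_SOF3_ONE_COMPONENT, sizeof SAMPLE_SOF3_ONE_COMPONENT));
    return 0;
}
```

A file that returns `STRIP_MISMATCH` declares one component count in its metadata and carries another in the compressed stream, which is the inconsistency the article describes.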

Developers and reverse engineers found only a minimal amount of changes between versions, as expected for an unscheduled patch, but those changes close the dangerous “zero-click” scenario. According to the researchers, the chain could be activated simply by receiving images via messenger or other channels where images are automatically processed by the system. At the same time, individual services along the distribution path could modify the images' quality or metadata, but this is not critical for triggering the vulnerability.

The conclusion is predictable but important: media format parsers are one of the most insidious points of any system. The bug in component count and buffer size seems obvious when you know where to look, but without the patch it was difficult to spot: the unpacking function is large, uses Huffman tables, branching logic, and the object-oriented infrastructure of Apple frameworks. The fix is simple: additional buffer checks and an early failure when an attempt is made to overwrite memory.

Users are advised to install the latest versions of their systems as soon as possible. While the vulnerability has already been fixed, cases like this remind us that any automated analysis of content—images, documents, or archives—requires rigorous platform-level controls and protection.

Redazione
The editorial team of Red Hot Cyber consists of a group of individuals and anonymous sources who actively collaborate to provide early information and news on cybersecurity and computing in general.
