Apple has issued an emergency security release for a zero-day vulnerability in its ImageIO framework that has been used in targeted attacks against specific individuals. The flaw, tracked as CVE-2025-43300, affects iOS, iPadOS and macOS devices: decoding a malicious image file can corrupt memory, which is why Apple is urging users to install the update without delay.
Critical vulnerability actively exploited
Apple rushed an emergency software update to its customers on Wednesday to address an actively exploited zero-day vulnerability in the software powering the company’s most popular devices, according to CyberScoop. The out-of-bounds write defect, CVE-2025-43300, means that processing a malicious image file can result in memory corruption. “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,” the company said.
The Cybersecurity and Infrastructure Security Agency (CISA) added the defect to its Known Exploited Vulnerabilities (KEV) catalog on Thursday. Apple did not say how many active exploits it is aware of or how many people are affected, and the company did not respond to a request for comment. Apple typically shares limited details about in-the-wild exploitation of zero-days, yet it has used stronger language in at least five vulnerability disclosures this year.
ImageIO framework targeted by attackers
The flaw, tracked as CVE-2025-43300 and now also addressed in iOS 16.7.12 and iPadOS 16.7.12, allows memory corruption on Apple devices when a malicious image file is processed, according to CSO Online. In a security advisory released on Monday, Apple said the bug stems from an out-of-bounds write. The fixes cover both newer and older iPhones, iPads and related devices, including those not running the latest version of Apple’s operating systems.
CVE-2025-43300 carries a CVSS score of 8.8 out of 10 (the “High” band under CVSS v3.x, where “Critical” starts at 9.0) and was first patched in iOS 18.6.2 and iPadOS 18.6.2 last month. On Monday, Apple extended the fix to older, end-of-life builds in response to reports of active exploitation. The affected component, ImageIO, is the framework that reads, writes and otherwise processes images on behalf of many iOS, iPadOS and macOS applications.
Sophisticated targeting campaign identified
“This language suggests that Apple is being purposeful in its external communication,” Satnam Narang, senior staff research engineer at Tenable, said in an email. “While the impact to the wider populace is smaller because the attackers exploiting CVE-2025-43300 had a narrow, targeted focus, Apple wants the public to pay attention to the threat and take immediate action.”
Apple said it addressed the vulnerability with improved bounds checking and advised customers on affected versions of the software to apply the update immediately. The August advisory covers macOS Ventura, Sonoma and Sequoia, iPadOS 17, and iOS and iPadOS 18 on builds earlier than the fixed releases (13.7.8, 14.7.8, 15.6.1, 17.7.10 and 18.6.2). “While the possibility of the average user being a target is low,” Narang said, “it’s never zero.”
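To make the bug class concrete, the following is an added example, not Apple’s code: ImageIO is closed source and the advisory gives no detail of the actual defect, so this is a toy raster decoder that exhibits the kind of file-driven out-of-bounds write described above, beside a version with the bounds checks that close it. The file format, the MAX_PIXELS cap, the return codes and the sample files are all constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy raster format constructed for this example (not ImageIO or any real
 * codec). Little-endian layout:
 *   header (8 bytes): u16 width | u16 height | u32 chunk_count
 *   chunk:            u16 row_index | u16 byte_count | byte_count pixel bytes
 * Pixels are 8-bit grayscale; one row is width bytes. */

#define MAX_PIXELS (64u * 1024u * 1024u)   /* assumed allocation cap */

typedef struct {
    uint8_t *pixels;
    uint16_t width;
    uint16_t height;
} image_t;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

void free_image(image_t *img) { free(img->pixels); img->pixels = NULL; }

/* BEFORE: every read from the file is length-checked, but the memcpy
 * destination is computed from file-controlled row_index and byte_count and
 * is never compared with the pixel buffer. A chunk with row_index >= height
 * or byte_count > width is an out-of-bounds heap write. */
int decode_vulnerable(const uint8_t *buf, size_t len, image_t *out) {
    if (len < 8) return -1;
    out->width = rd16(buf);
    out->height = rd16(buf + 2);
    uint32_t chunks = rd32(buf + 4);
    out->pixels = calloc((size_t)out->width * out->height, 1);
    if (!out->pixels) return -1;
    const uint8_t *p = buf + 8, *end = buf + len;
    for (uint32_t i = 0; i < chunks; i++) {
        if ((size_t)(end - p) < 4) { free_image(out); return -1; }
        uint16_t row = rd16(p), n = rd16(p + 2);
        p += 4;
        if ((size_t)(end - p) < n) { free_image(out); return -1; }
        memcpy(out->pixels + (size_t)row * out->width, p, n);  /* unchecked write */
        p += n;
    }
    return 0;
}

/* AFTER ("improved bounds checking"): reject empty or implausibly large
 * images, then refuse any chunk whose row or length would land outside the
 * allocated buffer before the write happens. Returns 0, -1 (malformed or
 * truncated) or -2 (chunk out of bounds). */
int decode_hardened(const uint8_t *buf, size_t len, image_t *out) {
    if (len < 8) return -1;
    uint16_t w = rd16(buf), h = rd16(buf + 2);
    uint32_t chunks = rd32(buf + 4);
    if (w == 0 || h == 0) return -1;
    size_t npix = (size_t)w * h;             /* both < 2^16, so the product fits size_t */
    if (npix > MAX_PIXELS) return -1;
    uint8_t *pixels = calloc(npix, 1);
    if (!pixels) return -1;
    const uint8_t *p = buf + 8, *end = buf + len;
    for (uint32_t i = 0; i < chunks; i++) {
        if ((size_t)(end - p) < 4) { free(pixels); return -1; }
        uint16_t row = rd16(p), n = rd16(p + 2);
        p += 4;
        if ((size_t)(end - p) < n) { free(pixels); return -1; }
        if (row >= h || n > w) { free(pixels); return -2; }   /* the missing check */
        memcpy(pixels + (size_t)row * w, p, n);
        p += n;
    }
    out->pixels = pixels; out->width = w; out->height = h;
    return 0;
}

/* Constructed sample files. */
static const uint8_t BENIGN[] = {
    4, 0, 2, 0, 2, 0, 0, 0,             /* 4x2 image, two chunks */
    0, 0, 4, 0, 1, 2, 3, 4,             /* row 0 */
    1, 0, 4, 0, 5, 6, 7, 8 };           /* row 1 */
static const uint8_t BAD_ROW[] = {      /* row_index 7 in a 2-row image: memcpy at offset 28 of an 8-byte buffer */
    4, 0, 2, 0, 1, 0, 0, 0,
    7, 0, 4, 0, 0xAA, 0xAA, 0xAA, 0xAA };
static const uint8_t BAD_LEN[] = {      /* byte_count 16 into a row that is 4 bytes wide */
    4, 0, 2, 0, 1, 0, 0, 0,
    0, 0, 16, 0, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB,
                0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB };

int main(void) {
    image_t img;
    if (decode_hardened(BENIGN, sizeof BENIGN, &img) == 0) {
        printf("hardened: %ux%u, row 0 = %u %u %u %u\n", (unsigned)img.width, (unsigned)img.height,
               img.pixels[0], img.pixels[1], img.pixels[2], img.pixels[3]);
        free_image(&img);
    }
    printf("hardened: BAD_ROW -> %d, BAD_LEN -> %d (-2 = chunk rejected)\n",
           decode_hardened(BAD_ROW, sizeof BAD_ROW, &img),
           decode_hardened(BAD_LEN, sizeof BAD_LEN, &img));
    /* decode_vulnerable(BAD_ROW, ...) is deliberately not called here: it
     * corrupts the heap. Build with -fsanitize=address and add the call to
     * see the out-of-bounds write reported. */
    return 0;
}
```

The shape to notice is that the vulnerable decoder is careful about what it reads from the file and careless about where it writes, which is how most image-codec memory corruption looks: the attacker never needs to overrun the input, only to steer an output offset or length that the parser trusts. The hardened version keeps every value derived from the file (dimensions, row index, chunk length) inside the bounds of the buffer it actually allocated, and fails closed before the copy rather than after.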
Growing trend in image processing attacks
Attackers appear to be shifting their attention towards image-processing components in core system software rather than conspicuous, network-facing services or applications. The same pattern shows up in a critical bug Samsung patched last week (CVE-2025-21043) in the image codec library it ships on its devices (libimagecodec.quram.so), which allowed remote code execution through a specially crafted image with no user interaction.
Apple’s emergency patch for the ImageIO zero-day is a strong reminder of how much timely patching matters, especially for frameworks that parse file formats every device handles every day. As advanced attackers go after more fundamental system components such as image decoders, users should not delay installing security updates. That these attacks are targeted underscores the changing threat environment for high-value individuals and organizations.