Apple Releases Patch for CVE-2025-43300 Zero-Day Vulnerability

Apple has addressed a critical security vulnerability in iOS, iPadOS, and macOS, identified as CVE-2025-43300, which has been actively exploited by attackers. This flaw, with a severity score of 8.8, resides in ImageIO and can lead to memory corruption when a malicious image is opened. Apple discovered and mitigated the issue by enhancing boundary checks. Although the specific attackers and targets remain unidentified, the flaw is believed to be used in targeted attacks.

This marks Apple's seventh patch this year for zero-day vulnerabilities exploited in the wild, following fixes for CVE-2025-24085, CVE-2025-24200, CVE-2025-24201, CVE-2025-31200, CVE-2025-31201, and CVE-2025-43200. Additionally, last month, Apple addressed a Safari vulnerability (CVE-2025-6558) that Google reported as a zero-day in Chrome.

Stay secure — stay Wavasec. 🔐