Apple has released security updates to patch a zero-day vulnerability (CVE-2025-43300) affecting older iPhones and iPads, which was exploited in highly sophisticated targeted attacks. The flaw involves an out-of-bounds write in the Image I/O framework, leading to potential remote code execution; Apple and WhatsApp have warned about ongoing exploitation.
Key points
- Apple fixed a zero-day flaw in older iOS and iPadOS devices using security patches released in August.
- The vulnerability CVE-2025-43300 involves an out-of-bounds write in the Image I/O framework.
- Exploits have been used in highly sophisticated targeted attacks against specific individuals.
- WhatsApp and Samsung also patched related vulnerabilities chained with the Apple zero-day.
- Multiple zero-day vulnerabilities exploited in the wild were fixed by Apple throughout 2025.