Apple ImageIO Zero-Day (CVE-2025-43300) — Out-of-Bounds Write in Image Processing Actively Exploited
Apple urgently patched a critical zero-day in the ImageIO framework (CVE-2025-43300) that was actively exploited using malicious image files. If you use iPhones, iPads, or Macs, update immediately—no user interaction is required for exploitation.
What's Going On
Apple has released emergency updates across iOS, iPadOS, and macOS to patch CVE-2025-43300, an actively exploited out-of-bounds write vulnerability in the ImageIO framework, which handles the bulk of image file formats. Hackers can deliver memory corruption by serving a specially crafted image, leading to arbitrary code execution.
Affected Platforms
- iOS 18.6.2 and iPadOS 18.6.2
- iPadOS 17.7.10
- macOS Sequoia 15.6.1
- macOS Sonoma 14.7.8
- macOS Ventura 13.7.8 and later supported releases
The vulnerability earned immediate inclusion in CISA's Known Exploited Vulnerabilities catalog, with federal entities required to apply patches by September 11, 2025.
Mitigation Steps
- Update Devices Immediately: Ensure installation of iOS, iPadOS, and macOS updates that address CVE-2025-43300.
- Enable Preventive Controls: Use Mobile Device Management (MDM) tools to enforce patching across fleets.
- Look for Anomalies: Watch for unusual app crashes or system instability after image viewing, particularly from untrusted sources.
- Restrict File Types: Wherever possible, limit image sources and avoid suspicious attachments in email or downloads.
ThreatGrid Takeaways
- No user action needed for exploitation, making this a full zero-click remote compromise risk.
- Immediate patching is essential — Apple confirmed active targeted exploitation.
- Inclusion in CISA KEV catalog signals urgency — organizations must treat this as high-priority.
- Longer-term: consider sandboxing image processing applications and restrict file execution from unidentified sources.
