Apple released emergency updates to patch a zero-day vulnerability exploited in what the company described as an "extremely sophisticated attack" targeting specific individuals.
Apple patched CVE-2025-43300, an out-of-bounds write vulnerability discovered by Apple security researchers in the Image I/O framework. This framework enables applications to read and write most image file formats. The security flaw allows attackers to exploit the vulnerability by supplying malicious input that causes programs to write data outside allocated memory buffers, potentially leading to program crashes, data corruption, or remote code execution. Apple addressed the issue with improved bounds checking across multiple operating systems: The vulnerability impacts a wide range of devices, including iPhone XS and later models, various iPad Pro generations, iPad Air 3rd generation and later, iPad 7th generation and later, iPad mini 5th generation and later, and Macs running the three most recent macOS versions.
Apple stated in security advisories issued on Wednesday, "Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals." The company also noted, "An out-of-bounds write issue was addressed with improved bounds checking. Processing a malicious image file may result in memory corruption."
6 zero-day vulnerabilities patched by Apple in 2025
6 zero-day vulnerabilities patched by Apple in 2024
Multiple device categories affected: iPhone XS and later, various iPad models from 3rd generation onward, and three versions of macOS
This vulnerability specifically targets Apple's Image I/O framework, which is crucial to how applications handle image files across Apple's system. The nature of the attacks and Apple's emphasis on "specific targeted individuals" suggests this zero-day was likely used in advanced persistent threat (APT) campaigns or nation-state attacks. For healthcare organizations using Apple devices to handle patient data or medical imaging, this vulnerability represents a security risk, as malicious image files could potentially compromise systems containing protected health information. The frequency of Apple zero-day discoveries - six in 2025 and six in 2024 - demonstrates the ongoing targeting of Apple devices by sophisticated threat actors.
Healthcare organizations and individuals using Apple devices should immediately install the security updates to prevent potential exploitation. The targeted nature of these attacks and Apple's continued discovery of zero-day vulnerabilities highlight the importance of maintaining current security patches, especially for devices handling sensitive healthcare data or accessing medical systems.
Most are reported by internal security researchers or external partners through Apple’s security bounty program.
Such attacks are often attributed to advanced persistent threat (APT) groups or nation-state actors.
Because it is widely used across Apple devices to process image files, making it a universal attack surface.