InfoSecBulletin Cybersecurity for mankind
Apple has issued urgent security updates to fix a zero-day vulnerability that is being actively exploited, warning that attackers may have used it in targeted campaigns.
CVE-2025-43300 is a flaw in Apple’s Image I/O framework that allows out-of-bounds writing, affecting how applications manage common image file formats.
EDR-Freeze: A Tool That Puts EDRs And Antivirus Into A Coma State
First-ever AI-powered ‘MalTerminal’ Malware Uses OpenAI GPT-4 to Generate Code
Gmail Data exposes via ChatGPT Deep Research Agent dubbed “ShadowLeak Zero-Click” Flaw
Cyber attack disrupts several European airports: check-in and boarding systems affected
Hacker claim to breach Link3; 189,000 Users data up for sale
Check Point Hosts “Securing the Hyperconnected World in the AI Era” in Dhaka
Microsoft Confirms 900+ XSS Vulns Found in IT Services
Daily Security Update Dated : 15.09.2025
IBM QRadar SIEM Vuln Let Attackers Perform Unauthorized Actions
Major Australian Banks using Army of AI Bots to Scam Scammers
According to Apple’s advisory:
“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”
The vulnerability lets attackers create harmful image files that, when used by a vulnerable application, could cause memory corruption. This could allow them to execute arbitrary code, leading to surveillance or device compromise.
Apple explained the fix as follows:
“An out-of-bounds write issue was addressed with improved bounds checking. Processing a malicious image file may result in memory corruption.”
The company has released patches across its ecosystem, urging all users to apply them immediately:
iOS 18.6.2 and iPadOS 18.6.2
iPadOS 17.7.10
macOS Sequoia 15.6.1
macOS Sonoma 14.7.8
macOS Ventura 13.7.8
This wide coverage underscores how deeply integrated the Image I/O framework is across Apple products.
As is common with zero-day disclosures, Apple has not shared technical details about the exploitation, the identity of the attackers, or the profile of the victims. The zero-day is being leveraged in precision-targeted campaigns, potentially linked to spyware operations or nation-state threat actors.
With CVE-2025-43300 marked as actively exploited, users are strongly advised to:
Update immediately to the latest iOS, iPadOS, and macOS versions.
Be cautious when receiving unexpected images or opening files from untrusted sources.
Copilot Breaks Your Audit Log, but Microsoft Won’t Tell the customer
