InfoSecBulletin Cybersecurity for mankind
Apple has issued urgent security updates to fix a zero-day vulnerability that is being actively exploited, warning that attackers may have used it in targeted campaigns.
CVE-2025-43300 is a flaw in Apple’s Image I/O framework that allows out-of-bounds writing, affecting how applications manage common image file formats.
New Windows Defender ‘RoguePlanet’ zero-day grants SYSTEM privileges
Microsoft June Patches 200 Vulnerabilities including 3 zero days
World’s first wind power underwater data center is now live
VMware Fixed Multiple Flaws Allow Attackers to Inject Malicious Scripts
CVE-2026-50751
Check Point VPN 0-day Flaw Exploited in the Wild
AI-designed First ‘universal vaccine’ tested in humans
China Unveils First Prefabricated Data Center Base, Reducing Construction Time by 70%
Hacker now exploits recently patched SolarWinds Serv-U flaw
Cisco SD-WAN Flaw Exploited and Trend Micro Flaws Allows to Security Bypass
Ransomware Crisis Deepens: 4,089 Victims Hit Across 121 Countries in 2026
According to Apple’s advisory:
“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”
The vulnerability lets attackers create harmful image files that, when used by a vulnerable application, could cause memory corruption. This could allow them to execute arbitrary code, leading to surveillance or device compromise.
Apple explained the fix as follows:
“An out-of-bounds write issue was addressed with improved bounds checking. Processing a malicious image file may result in memory corruption.”
The company has released patches across its ecosystem, urging all users to apply them immediately:
iOS 18.6.2 and iPadOS 18.6.2
iPadOS 17.7.10
macOS Sequoia 15.6.1
macOS Sonoma 14.7.8
macOS Ventura 13.7.8
This wide coverage underscores how deeply integrated the Image I/O framework is across Apple products.
As is common with zero-day disclosures, Apple has not shared technical details about the exploitation, the identity of the attackers, or the profile of the victims. The zero-day is being leveraged in precision-targeted campaigns, potentially linked to spyware operations or nation-state threat actors.
With CVE-2025-43300 marked as actively exploited, users are strongly advised to:
Update immediately to the latest iOS, iPadOS, and macOS versions.
Be cautious when receiving unexpected images or opening files from untrusted sources.
Copilot Breaks Your Audit Log, but Microsoft Won’t Tell the customer
