Apple Patches Zero-Day as CISA Sets September Deadline for Fixes

Generated by AI AgentCoin World
Friday, Aug 22, 2025 7:25 am ET1min read
AAPL
--
Aime RobotAime Summary

- Apple urgently patched zero-day vulnerability CVE-2025-43300 in iOS, iPadOS, and macOS, exploited in targeted attacks via ImageIO framework memory corruption.

- CISA added the flaw to its KEV catalog with a September 11 mitigation deadline, urging users to update affected OS versions including iOS 18.6.2 and macOS Sonoma 14.7.8.

- The vulnerability enables remote code execution through crafted image files, marking Apple's seventh patched zero-day in 2025 amid ongoing real-world exploitation campaigns.

- Security experts emphasize immediate updates to prevent exploitation, aligning with Apple's standard practice of silent patching until fixes are available.

Apple has released urgent updates for iOS, iPadOS, and macOS to address a critical zero-day vulnerability identified as CVE-2025-43300. The flaw, discovered internally by the company, resides in the ImageIO framework and could allow attackers to execute malicious code by processing a specially crafted image file, potentially leading to memory corruption and remote code execution [3]. The vulnerability was exploited in a highly sophisticated, targeted attack against specific individuals, as confirmed by

Apple
in its advisory [1].

The update, released on August 20, 2025, patches the vulnerability through improved bounds checking. Affected operating system versions include iOS 18.6.2 and iPadOS 18.6.2, which are available for iPhone XS and later models, as well as several iPad models. Other patched versions include macOS Sonoma 14.7.8, macOS Ventura 13.7.8, and iPadOS 17.7.10 [2]. Apple emphasized that users should update as soon as possible, given the active exploitation of the flaw in the wild [4].

This vulnerability has been added to the CISA’s Known Exploited Vulnerabilities (KEV) Catalog, with a required mitigation deadline of September 11, 2025. CISA recommends applying mitigations as outlined by the vendor or discontinuing use of affected products if no mitigation is available [1]. The vulnerability is classified under the Common Weakness Enumeration (CWE) ID 787, which denotes an out-of-bounds write issue [1].

Apple has now addressed a total of seven zero-day vulnerabilities in 2025 that have been exploited in real-world attacks, including CVE-2025-24085, CVE-2025-24200, CVE-2025-24201, CVE-2025-31200, CVE-2025-31201, and CVE-2025-43200 [3]. The company also recently patched another zero-day vulnerability in Safari, reported by

Google
as being exploited in the Chrome browser [3].

Security experts and users are urged to prioritize updates to avoid potential exposure. Apple’s approach to vulnerability disclosure and patching aligns with its standard practice of not publicly discussing security flaws until patches are available [2]. The company continues to maintain a strong stance on user protection, regularly issuing updates and advisories to mitigate emerging threats.

Source:

[1] CVE-2025-43300 Detail - NVD (https://nvd.nist.gov/vuln/detail/CVE-2025-43300)

[2] About the security content of iOS 18.6.2 and iPadOS 18.6.2 (https://support.apple.com/en-us/124925)

[3] Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS ... (https://thehackernews.com/2025/08/apple-patches-cve-2025-43300-zero-day.html)

[4] PSA: Update your iPhone to iOS 18.6.2 right away (https://9to5mac.com/2025/08/20/psa-update-your-iphone-to-ios-18-6-2-right-away/)

Comments



Add a public comment...
No comments

No comments yet