Apple Patches Critical Zero-Day Vulnerability in iOS, iPadOS, and macOS

Apple has released emergency updates for iPhone, iPad, and Mac to fix a critical zero-day vulnerability (CVE-2025-43300) being exploited in the wild.

Apple rushed out security updates for iPhones, iPads and Macs to fix a serious new flaw. The vulnerability (CVE-2025-43300) is an out-of-bounds write error in Apple’s image-processing code (Image I/O) that could let a specially crafted image corrupt memory. Apple warned that attackers had already used this bug in “an extremely sophisticated” exploit targeting specific individuals. In other words, while normal users may not be direct targets, the flaw has been weaponized against high-value users. U.S. cyber authorities even added this issue to their Known Exploited Vulnerabilities catalog, underscoring its severity.

Scope and Risk of the Exploit

The affected software versions include many recent releases of iOS, iPadOS, and macOS. Apple fixed the bug with improved bounds checking in the affected code, and customers are advised to install the updates immediately. In practical terms, this means updating to iOS 18.6.2 (or iPadOS 18.6.2) on newer devices, iPadOS 17.7.10 on older tablets, and the latest macOS builds (Ventura 13.7.8, Sonoma 14.7.8, Sequoia 15.6.1) on Apple computers. Because there are around 2.2 billion active Apple devices worldwide, even a seemingly narrow exploit can potentially escalate. Experts note that once a patch is released, attackers often reuse the flaw in broader campaigns – “what starts as a highly targeted campaign often trickles down into mass exploitation”. Apple has already patched at least five zero-days in 2025 alone, so staying current with updates is crucial.

Protecting Your Devices

To protect yourself, apply Apple’s updates without delay. Specifically, install:

  • iOS 18.6.2 and iPadOS 18.6.2 (covers most iPhones and newer iPads).
  • iPadOS 17.7.10 (for older iPad models).
  • macOS Ventura 13.7.8, Sonoma 14.7.8, and Sequoia 15.6.1 (for Mac computers).

You should also enable automatic updates and avoid opening images or attachments from untrusted sources. Cybersecurity analysts emphasize that even if you’re not a high-profile target, every user is safer once the patch is applied.
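
A fleet check against the fixed versions listed above, as an added example that is not part of the original article. The inventory rows and the helper names (parse_version, classify, audit) are constructed for illustration, and release trains the article does not list are reported as "unlisted" rather than guessed.

```python
# Added example: fixed versions come from this article; everything else is constructed.
# Keyed by (platform, major version) so each release train is compared to its own fix.
PATCHED = {
    ("iOS", 18): (18, 6, 2),
    ("iPadOS", 18): (18, 6, 2),
    ("iPadOS", 17): (17, 7, 10),
    ("macOS", 13): (13, 7, 8),   # Ventura
    ("macOS", 14): (14, 7, 8),   # Sonoma
    ("macOS", 15): (15, 6, 1),   # Sequoia
}

def parse_version(text):
    """Turn '15.6' into (15, 6, 0). Raises ValueError on non-numeric parts."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version shape: {text!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def classify(platform, version_text):
    """Return 'patched', 'needs_update', 'unlisted' or 'unparseable'."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparseable"
    fixed = PATCHED.get((platform, version[0]))
    if fixed is None:
        return "unlisted"  # the article names no fixed build for this train
    # Tuple comparison is numeric: 17.7.9 < 17.7.10, which a string compare gets wrong.
    return "patched" if version >= fixed else "needs_update"

def audit(inventory):
    """inventory: iterable of (host, platform, version) rows."""
    return [(h, p, v, classify(p, v)) for h, p, v in inventory]

# Constructed sample inventory, e.g. an MDM export reduced to three columns.
SAMPLE_INVENTORY = [
    ("phone-01", "iOS", "18.6.2"),
    ("phone-02", "iOS", "18.5"),
    ("tablet-01", "iPadOS", "17.7.9"),
    ("tablet-02", "iPadOS", "17.7.10"),
    ("mac-01", "macOS", "15.6"),
    ("mac-02", "macOS", "14.7.8"),
    ("mac-03", "macOS", "12.7.6"),
    ("mac-04", "macOS", "15.6.1-beta"),
]

if __name__ == "__main__":
    for host, platform, version, status in audit(SAMPLE_INVENTORY):
        print(f"{host:10} {platform:7} {version:12} {status}")
```

Rows reported as unlisted or unparseable need manual review against Apple's advisory rather than being treated as safe.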
