This is the sixth actively exploited zero-day bug resolved by Apple so far this year.
Apple has issued updates for the out-of-bounds write zero-day flaw, tracked as CVE-2025-43300, following its exploitation in an "extremely sophisticated" and highly targeted cyber intrusion, BleepingComputer reports.
Malicious actors could leverage the vulnerability — which was discovered within the Image I/O framework and affects several generations of iPhones, iPads, and Macs — to crash programs, corrupt data, and enable remote code execution, according to Apple.
"An out-of-bounds write issue was addressed with improved bounds checking. Processing a malicious image file may result in memory corruption," said Apple.
The flaw is the sixth actively exploited zero-day bug resolved by Apple so far this year, which matches the total number of abused zero-days fixed by the company last year.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.