Apple has released an emergency security update to address a zero-day vulnerability in its ImageIO framework that has been actively exploited in the wild.
A zero-day is a previously unknown software vulnerability that is discovered by attackers before the developer has created a fix.The ImageIO framework is a core component of Apple’s operating systems responsible for handling various image file formats.
The zero-day, tracked as CVE-2025-43300, is described by Apple as allowing for the processing of a malicious image file that may result in memory corruption. Apple confirmed it is aware of reports that the vulnerability may have been exploited in targeted attacks before the patch was released, though the company did not provide details about the scope or attribution.
The patches, released on Aug. 20, cover iOS, iPadOS and macOS. The fix is included in iOS 18.6.2 and iPadOS 18.6.2 for current devices, iPadOS 17.7.10 for older models and macOS Sequoia 15.6.1, Sonoma 14.7.8 and Ventura 13.7.8.
Users are advised to update their devices promptly to the latest versions. On iPhones and iPads,updates can be installed under Settings > General > Software Update,while Mac users can apply them through system Settings > General > Software update.
Discussing the vulnerability, Adam Boynton, senior security strategy manager at Apple device management company Jamf Holding Corp., told SiliconANGLE via email that “Apple has indicated that this vulnerability has been exploited in elegant, targeted attacks, which typically focus on individuals with highly valued access or contacts, such as journalists, lawyers, activists and government officials.”
“While Apple has not confirmed whether this specific flaw was linked to spyware, similar vulnerabilities in ImageIO and WebKit have previously been used in Pegasus campaigns,” Boynton added. “Even though the exploitation appears targeted, we recommend that all users update to iOS 18.6.2 immediately, especially those in industries most at risk of spyware attacks.”
Satnam Narang, senior staff research engineer at exposure management company Tenable Holdings Inc., commented that “traditionally, Apple has limited the amount of detail it shares about in-the-wild exploitation of zero-days across Apple products. However, they rarely use the language of ‘an extremely sophisticated attack against specific targeted individuals.'”
“based on my assessment, Apple started using this language in 2025 for other cves, including CVE-2025-24201, CVE-2025-24200, CVE-2025-31200, CVE-2025-43200, and CVE-2025-43300,” added narang. “This language suggests t