Apple has released urgent security updates across iPhones, iPads, and Macs to patch a newly discovered zero day vulnerability that has already been exploited in targeted cyberattacks. The flaw, tracked as CVE-2025-43300, affects multiple platforms and poses a significant risk if left unpatched.
What Happened?
The zero day vulnerability lies in Apple’s Image I/O framework, which handles image processing across macOS and iOS. Researchers found that the bug was an out-of-bounds write issue that allowed attackers to manipulate memory and potentially execute malicious code. By sending or embedding a malicious image file, attackers could compromise devices without user awareness.
Apple confirmed that this vulnerability has been weaponized in highly sophisticated attacks targeting high-value individuals and organizations. While the initial campaigns appear to be limited in scope, experts warn that once a patch is available, cybercriminals often rush to reverse-engineer the flaw and expand attacks to everyday users.
Updates Available for All Platforms
To address the issue, Apple rolled out critical updates across its ecosystem:
- iOS 18.6.2 and iPadOS 18.6.2 – Available for iPhone XS and later, and modern iPad Pro, iPad Air, iPad mini, and standard iPad models.
- iPadOS 17.7.10 – For older iPad models, including the iPad Pro 12.9-inch 2nd generation and iPad 6th generation.
- macOS Sequoia 15.6.1, Sonoma 14.7.8, and Ventura 13.7.8 – Covering the most recent versions of macOS.
Users are strongly advised to update immediately to safeguard their devices. Apple’s statement highlights that delaying updates may leave systems exposed to active exploitation attempts.
How to Update Devices
For iPhone and iPad users:
- Go to Settings > General > Software Update.
- Install the latest version (iOS 18.6.2, iPadOS 18.6.2, or iPadOS 17.7.10 for older models).
- Enable Automatic Updates for continuous protection.
For Mac users:
- Click the Apple Menu > System Settings > General > Software Update.
- Download and install the latest update.
- Save your work before restarting, as updates may require multiple reboots.
Installing these patches ensures that the zero day vulnerability can no longer be exploited on your device.
Why Zero Day Vulnerabilities Are Dangerous
A zero day exploit refers to a flaw that is unknown to the software vendor until after attackers have already begun using it. Because there is no available fix at the time of discovery, zero days are among the most dangerous threats in cybersecurity.
Once a vendor like Apple issues a patch, attackers often move quickly to adapt the exploit into broader campaigns. This means that even average users, not just high-value targets, can soon become victims. Past incidents have shown that delays in updating leave millions at risk.
Expert Warnings
Cybersecurity experts emphasize that zero day vulnerabilities should never be underestimated. Memory corruption flaws like this can give attackers a direct path to sensitive information, allow system crashes, or even enable full device takeover.
The best defense is timely updates. Security researchers advise that users enable automatic updates and remain cautious with files or links received from unknown sources.
Stay ahead with the latest updates in technology, security, and startups. Visit Startup News for real-time coverage and insights.
