Apple rushed to update the emergency software to its customers on Wednesday to approach a zero-day vulnerability actively affecting the software supplying the most popular devices of the company. The faults write a defect – CVE-2025-43300 – Allows attackers to process a malicious image file resulting in memory corruption.
“Apple is aware of a report that this problem may have been exploited in an extremely sophisticated attack against specific targeted individuals,” said company in a series of security updates for iOS,, ipados And macos.
The cybersecurity and infrastructure safety agency added the defect to its Catalog of known exploited vulnerabilities THURSDAY.
Apple has not said how many active exploits it is aware or how many people are affected. The company did not respond to a request for comments.
Apple generally shares limited details on the exploitation integrated into the zero-day window, but it used a stronger language in at least five vulnerability disclosure this year to indicate when sophisticated attackers are involved or that specific people are targeted by these attacks, according to Satnam Narang, engineer of main personal researcher at Table.
“This language suggests that Apple is determined in its external communication,” said Narang in an email. “Although the impact on the larger population is smaller because the attackers operating the CVE-2025-43300 had a narrow and targeted concentration, Apple wants the public to pay the threat and take immediate measures.”
Apple said that it had improved the limits of verification to resolve the vulnerability and advised customers on the affected versions of the affected software to immediately apply the update. The defect affects the macOS versions before 13.7 and 15.6, iPados versions before 17.7 and iOS and iPados versions before 18.6.
“Although the possibility that the average user is a target is low,” said Narang, “it’s never zero.”
Vulnerability marks the fifth day zero-day addressed this year, including defects previously disclosed and corrected in January, FEBRUARYMarch and April. Apple defects have done Seven appearances on known exploited vulnerabilities of Cisa This year.
More information on vulnerability is available on Apple website.
