Particle.news
Download on the App Store
4 ARTICLES
·
4d ago

Apple Patches Zero-Click ImageIO Exploit Used in Targeted Attacks

CISA has added CVE-2025-43300 to its exploited-vulnerabilities list with a September 11 patch deadline for federal agencies.

Hackers Could Take Over Apple Devices Via Malicious Images – Patch Now!
Apple issues emergency patches for zero‑click exploit that may enable crypto wallet theft

Overview

  • Apple released fixes on August 20 for iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, and macOS Sequoia 15.6.1, Sonoma 14.7.8, and Ventura 13.7.8.
  • The bug is an out-of-bounds write in the Image I/O framework that can be triggered by processing a malicious image, enabling code execution without user interaction.
  • Apple says the flaw was exploited in an extremely sophisticated campaign against specific targeted individuals, with no attacker attribution disclosed.
  • CISA’s Known Exploited Vulnerabilities listing underscores the urgency to patch, and it directs U.S. agencies to remediate by September 11, 2025.
  • Security researchers warn crypto holders face elevated risk of irreversible theft and advise immediate updating, checking for compromise, and moving funds to wallets created on clean devices.