CVE-2025-43300 Vulnerability: Zero-Day in iOS, iPadOS, and macOS Under Active Exploitation

August 21, 2025 · 3 min read

As the season shifts from summer to fall, the cyber threat landscape is heating up rather than cooling down. Following the news of the ongoing exploitation of a fresh WinRAR zero-day used to deliver RomCom malware, another zero-day flaw is causing a stir in the cyber threat arena. A novel zero-day vulnerability affecting iOS, iPadOS, and macOS, tracked as CVE-2025-43300, is being actively exploited in targeted attacks: a malicious image can trigger memory corruption on the victim's device.

According to Techzine Global, the volumes of emerging CVEs are surging in 2025, averaging 130+ per day as compared to 113 in 2024, signaling a rapidly expanding attack surface. With the KEV list steadily growing, figures from the first half of the year suggest 2025 will surpass last year’s record of 40K vulnerabilities. This accelerating trend underscores the urgent need for organizations to strengthen defenses with continuous patch management, proactive threat detection, and resilient security frameworks that can adapt to the pace of newly disclosed vulnerabilities.

Adopting a proactive and adaptive defense strategy is critical in the fast-changing threat landscape. AI-driven protection improves detection precision, cuts alert fatigue by reducing false positives, and focuses attention on the most critical risks. As attack surfaces grow and threat volumes increase, AI-powered security provides a scalable and intelligent approach designed to keep pace with modern cyber challenges. By registering for SOC Prime Platform, organizations can rely on top cybersecurity expertise backed by a cutting-edge fusion of technologies to enable a future-proof, end-to-end cybersecurity workflow, co-piloted by AI.

To proactively detect vulnerability exploitation attempts, security teams can instantly get the entire collection of context-enriched Sigma rules filtered by the “CVE” tag. All detection algorithms can be used across multiple SIEM, EDR, and Data Lake technologies and are aligned with the MITRE ATT&CK® framework. Click Explore Detections to drill down to the relevant detection stack.


Security engineers can also take advantage of the latest version of Uncoder AI, which now has a fresh new look and feel as the AI Chat Bot interface, offering a fast, conversational way to handle end-to-end cybersecurity tasks. In addition, the enhanced Uncoder AI introduces Model Context Protocol (MCP) tools, providing a context-aware bridge between AI and real-world data sources. Moreover, it supports MISP integration to enable an easy search for IOCs and CTI events on the customers’ MISP server.

CVE-2025-43300 Analysis

A new zero-day flaw in iOS, iPadOS, and macOS, CVE-2025-43300, was found in the ImageIO framework, which supports reading and writing across most image file formats, providing high performance, built-in color management, and access to detailed image metadata. The flaw is reported to have been actively exploited in the wild. CVE-2025-43300 is an out-of-bounds write vulnerability that can trigger memory corruption when the framework handles a malicious image.

In its advisory, Apple acknowledged reports suggesting the vulnerability may have been exploited in highly sophisticated attacks against select individuals. The company noted the issue was discovered internally and patched through improved bounds checking. It remains unclear who is responsible for the attacks or which victims were targeted, though evidence suggests the flaw has already been weaponized in highly targeted campaigns.

Given the exploitation risk, the vendor has addressed the issue with improved bounds checking. The fix ships in macOS Sonoma 14.7.8, macOS Ventura 13.7.8, macOS Sequoia 15.6.1, iPadOS 17.7.10, and iOS/iPadOS 18.6.2.
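To make "out-of-bounds write fixed by improved bounds checking" concrete, the following constructed example (added here; not ImageIO's code, and the toy raster format, buffer sizes and function names are assumptions) shows an image decoder that trusts header-declared dimensions next to the checked version that validates them against the destination buffer before writing:

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed toy raster format (not ImageIO's real code or file layout):
 * 4-byte header = width (u16 LE), height (u16 LE), then width*height 8-bit
 * samples. The decoder writes into a fixed 64x64 output buffer. */
#define MAX_DIM 64
static uint8_t g_pixels[MAX_DIM * MAX_DIM];

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Vulnerable pattern: trusts header dimensions, so a header declaring more than
 * 64x64 samples drives memcpy past the end of g_pixels (out-of-bounds write).
 * Kept only for contrast; nothing below calls it. */
int decode_vulnerable(const uint8_t *data, size_t len) {
    if (len < 4) return -1;
    uint16_t w = rd16(data), h = rd16(data + 2);
    size_t need = (size_t)w * h;
    if (len - 4 < need) return -1;     /* checks the input, never the output */
    memcpy(g_pixels, data + 4, need);  /* overflows when w*h > MAX_DIM*MAX_DIM */
    return 0;
}

/* Hardened pattern ("improved bounds checking"): reject dimensions the output
 * buffer cannot hold before any write happens; the product then cannot wrap. */
int decode_checked(const uint8_t *data, size_t len) {
    if (len < 4) return -1;
    uint16_t w = rd16(data), h = rd16(data + 2);
    if (w == 0 || h == 0 || w > MAX_DIM || h > MAX_DIM) return -2;
    size_t need = (size_t)w * h;       /* at most 4096, fits g_pixels */
    if (len - 4 < need) return -1;     /* truncated payload */
    memcpy(g_pixels, data + 4, need);
    return 0;
}

/* Builds a constructed sample image into `out`; returns total length or 0. */
size_t make_image(uint8_t *out, size_t cap, uint16_t w, uint16_t h, uint8_t fill) {
    size_t need = (size_t)w * h + 4;
    if (need > cap) return 0;
    out[0] = w & 0xff; out[1] = w >> 8; out[2] = h & 0xff; out[3] = h >> 8;
    memset(out + 4, fill, (size_t)w * h);
    return need;
}

/* Benign 8x8 image: decodes and lands in the buffer. Returns 1 on success. */
int run_benign(void) {
    uint8_t buf[128];
    size_t n = make_image(buf, sizeof buf, 8, 8, 0xAB);
    return (decode_checked(buf, n) == 0 && g_pixels[63] == 0xAB) ? 1 : 0;
}

/* 65x64 header with a full payload: one extra row would overrun the 64x64
 * buffer in decode_vulnerable; decode_checked refuses it (-2) before writing. */
int run_oversized(void) {
    static uint8_t buf[65 * 64 + 4];
    size_t n = make_image(buf, sizeof buf, 65, 64, 0x01);
    return decode_checked(buf, n);
}
```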

Although the attacks appear to have been narrowly focused on specific individuals, all potentially affected users are strongly advised to update their Apple devices without delay. To safeguard defenses against emerging risks of vulnerability exploitation, SOC Prime equips security teams with a complete product suite delivering a comprehensive AI-native workflow, backed by automated capabilities and real-time threat intelligence to always stay ahead of the curve.
