On Monday, Apple confirmed the fix to a recently patched security flaw that is actively utilised in the wild.
The vulnerability in question is CVE-2025-43300 (CVSS score: 8.8). This is an out-of-range issue with Imageio components that can lead to memory corruption when processing malicious image files.
“Apple is aware of reports that this issue could have been exploited in a highly sophisticated attack on a particular targeted individual,” the company said.
Since then, WhatsApp has admitted that vulnerabilities in messaging apps on Apple iOS and MacOS (CVE-2025-55177, CVSS score: 5.4) were chained on CVE-2025-43300 as part of a highly targeted spyware attack targeting less than 200 individuals.
This drawback was originally addressed by the iPhone manufacturer at the end of last month, but was released for the following versions with the releases of iOS 18.6.2 and iPados 18.6.2, iPados 17.7.10, Macos Ventura 13.7.8, Macos Sonoma 14.7.8, and Macos Sequoia 15.6.1 –
iOS 16.7.12 and iPads 16.7.12 – iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th Generation, iPad Pro 9.7 inch, and iPad Pro 12.9 inch 1st generation IOS 15.8.5 and iPad 15.8.5 – iPhone 6s (All Models), iPhone SE (four models), iPad (fourth generation) iPodtouch (7th generation)
The updates are now available along with iOS 26, iPados 26, iOS 18.7, iPados 18.7, Macos Tahoe 26, Macos Sequoia 15.7, Macos Socoia 14.8, TVOS 26, Visionos 26, Watchos 26, Safari 26, and Xcode 26.
CVE-2025-31255-IoKit Authorization Vulnerability that allows apps to access sensitive dataCVE-2025-43362-LaunchServices Vulnerability that allows apps to monitor keystrokes without user permissionCVE-2025-43329-Sandbox Latent Vulnerability can enable sandbox potential. – Safari vulnerability that could lead to unexpected URL redirects when dealing with malicious web content CVE-2025-43272 – Webkit vulnerability that could lead to unexpected Safari crashes when dealing with malicious web content CVE-2025-43285 – This could allow app vulnerabilities. Write down the problem in Coreaudio. This can lead to unexpected app termination when handling malicious video file CVE-2025-43316. RemoteviewServices allows apps to escape from sandbox CVE-2025-43358 – Shortcuts Permission Vulnerability that may allow shortcuts to bypass sandbox restrictions CVE-2025-43333-Gut CVE-25-43304 Spotlight Vulnerability that allows apps to obtain root privileges CVE-2025-48384 – Xcode Git Vulnerability that could lead to remote code execution when cloning maliciously created repository
There is no evidence that any of the aforementioned defects have been weaponized in actual attacks, but keeping your system up-to-date for optimal protection is always a good practice.
Source link
