Headline
Hackers Could Take Over Apple Devices Via Malicious Images – Patch Now!
Apple fixes CVE-2025-43300, a flaw letting hackers hijack devices via malicious images. Users urged to update iPhone, iPad,…
Apple fixes CVE-2025-43300, a flaw letting hackers hijack devices via malicious images. Users urged to update iPhone, iPad, and Mac now.
Several cybersecurity researchers recently warned that a critical vulnerability (CVE‑2025‑43300) in Apple’s image‑processing framework was being abused by attackers. Apple has now released updates across iPhone, iPad and Mac devices to address the issue.
Security researcher Pablo Sabbatella noted that the flaw involved image file handling in Apple’s systems. Another alert came from a separate security advisor, highlighting the threat posed by the zero‑day. This issue has since received urgent attention.
Security researcher Vladimir S. (known on X as Officer’s Notes) warned that CVE‑2025‑43300 was under active exploitation, noting that simply opening a maliciously crafted image was enough for an attacker to remotely take control of a device.
Urgent! Just by receiving an image in your iPhone or Mac, your device can be FULLY compromised. Update your devices ASAP!
Also recommended:
• Disable auto download of images in Telegram;
• Disable the auto download of images in WhatsApp;
• Disable iMessage for complete or,…— Vladimir S. | Officer’s Notes (@officer_cia) August 22, 2025
Apple confirmed that the vulnerability, a memory‑corruption flaw caused by an out‑of‑bounds write in the Image IO framework, had been found internally and fixed using improved boundary checks.
The company released security updates on August 20, 2025. Versions affected and now fixed include:
- iPadOS 17.7.10
- macOS Sequoia 15.6.1
- macOS Ventura 13.7.8
- macOS Sonoma 14.7.8
- iOS 18.6.2 and iPadOS 18.6.2
Affected devices include iPhone XS and newer models, various iPad and iPad Pro generations, and Mac systems running the listed macOS versions.
This flaw has now been added to the US CISA’s (Cybersecurity and Infrastructure Security Agency) Known Exploited Vulnerabilities Catalog, with organizations advised to apply fixes by September 11, 2025.
This is already the seventh zero-day Apple has had to fix this year, following five similar urgently patched flaws, plus a more recent one in the Safari browser. Therefore, if you are an Apple user following these steps to secure your devices:
- Update your device right away via Settings → General → Software Update on iOS/iPadOS, or System Settings → Software Update on macOS.
Related news
Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild. The vulnerability in question is CVE-2025-43300 (CVSS score: 8.8), an out-of-bounds write issue in the ImageIO component that could result in memory corruption when processing a malicious image file. "Apple is aware of a report that this issue may have been exploited in an
Apple has notified users in France of a spyware campaign targeting their devices, according to the Computer Emergency Response Team of France (CERT-FR). The agency said the alerts were sent out on September 3, 2025, making it the fourth time this year that Apple has notified citizens in the county that at least one of the devices linked to their iCloud accounts may have been compromised as part
CISA updates its KEV List with TP-Link Wi-Fi extender and WhatsApp spyware flaws, urging users and agencies to…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity security flaw impacting TP-Link TL-WA855RE Wi-Fi Ranger Extender products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, CVE-2020-24363 (CVSS score: 8.8), concerns a case of missing authentication that could be abused to obtain
WhatsApp has patched a vulnerability that was used in conjunction with an Apple vulnerability in zero-click attacks.
Cybersecurity today is less about single attacks and more about chains of small weaknesses that connect into big risks. One overlooked update, one misused account, or one hidden tool in the wrong hands can be enough to open the door. The news this week shows how attackers are mixing methods—combining stolen access, unpatched software, and clever tricks to move from small entry points to large
WhatsApp has patched a critical 0-day (CVE-2025-55177) that allowed zero-click spyware attacks on iOS and Mac users. The…
WhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with a recently disclosed Apple flaw in targeted zero-day attacks. The vulnerability, CVE-2025-55177 (CVSS score: 8.0), relates to a case of insufficient authorization of linked device synchronization messages. Internal researchers on the
A list of topics we covered in the week of August 18 to August 24 of 2025
Apple has released security updates to patch a zero-day vulnerability tracked as CVE-2025-43300 for all platforms