- Apple patches CVE-2025-43300, an out-of-bounds write in iOS and iPadOS
- The flaw could allow threat actors to achieve remote code execution
- There is evidence of exploitation in the wild, so users should update promptly
Apple has fixed a flaw in iOS and iPadOS that was reportedly being used in "an extremely sophisticated attack against specific targeted individuals."
In a security advisory, Apple said it had resolved an out-of-bounds write issue in the ImageIO framework, which lets applications open, decode and work with image files efficiently, including reading metadata such as Exif data or generating thumbnails.
An out-of-bounds write occurs when software mistakenly writes data beyond the memory region it was allocated. This can corrupt memory, crash applications and even let threat actors execute malicious code, including remotely.
Keeping the details away from criminals
Because the bug lies in ImageIO, a specially crafted image could slip past the framework's bounds checks and overwrite adjacent memory when processed. A threat actor could deliver such an image by email, in a message or on a web page; when a vulnerable device attempts to decode and render it, the out-of-bounds write could let the attacker crash the system or even execute malware.
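To make the bug class concrete, here is an added example (not Apple's code, and not the actual ImageIO defect, whose details Apple has not published). It defines a hypothetical toy image container (2-byte width, 2-byte height, then one byte per pixel; constructed for this example only) and two decoders: one that trusts the header's declared dimensions and writes past the caller's pixel buffer, and a hardened one that checks the destination capacity, including the width*height product, before the first write. The pixel buffer and the "adjacent data" are placed in one flat array so the overwrite can be observed without undefined behaviour.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical toy image format, constructed for this example (it is NOT
 * Apple's ImageIO, DNG, or any real container): 2-byte little-endian width,
 * 2-byte little-endian height, then width*height one-byte pixels. */

#define HDR_LEN         4u
#define PIXEL_CAPACITY 16u   /* destination pixel buffer the caller provides */
#define ADJACENT_LEN    8u   /* data that happens to sit right after it */

enum decode_status { DECODE_OK = 0, DECODE_TRUNCATED = 1, DECODE_TOO_LARGE = 2 };

static uint16_t rd16le(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Vulnerable decoder: trusts the declared dimensions and only checks that
 * the *input* is long enough, never that the *output* buffer is. */
enum decode_status decode_unchecked(const uint8_t *img, size_t img_len, uint8_t *dst)
{
    if (img_len < HDR_LEN) return DECODE_TRUNCATED;
    size_t npix = (size_t)rd16le(img) * rd16le(img + 2);
    if (img_len - HDR_LEN < npix) return DECODE_TRUNCATED;
    memcpy(dst, img + HDR_LEN, npix);   /* writes past dst when npix > capacity */
    return DECODE_OK;
}

/* Hardened decoder: the destination capacity is part of the interface and is
 * checked before any write. The division form also keeps the width*height
 * product from wrapping around in size_t on platforms with wider dimensions. */
enum decode_status decode_checked(const uint8_t *img, size_t img_len,
                                  uint8_t *dst, size_t dst_cap)
{
    if (img_len < HDR_LEN) return DECODE_TRUNCATED;
    size_t w = rd16le(img), h = rd16le(img + 2);
    if (h != 0 && w > dst_cap / h) return DECODE_TOO_LARGE;  /* w*h > dst_cap */
    size_t npix = w * h;
    if (img_len - HDR_LEN < npix) return DECODE_TRUNCATED;
    memcpy(dst, img + HDR_LEN, npix);
    return DECODE_OK;
}

/* Constructed malicious image: header claims 4x5 = 20 pixels, four more than
 * the 16-byte destination. Returns the number of bytes written to out. */
static size_t build_evil_image(uint8_t *out, size_t out_cap)
{
    const size_t npix = 4 * 5;
    if (out_cap < HDR_LEN + npix) return 0;
    out[0] = 4; out[1] = 0;      /* width  = 4 */
    out[2] = 5; out[3] = 0;      /* height = 5 */
    memset(out + HDR_LEN, 0x41, npix);
    return HDR_LEN + npix;
}

/* Runs one decoder against the malicious image. arena[0..16) is the pixel
 * buffer, arena[16..24) models whatever lives next to it in memory.
 * Returns 1 if the adjacent data was overwritten, 0 if it survived. */
int adjacent_data_clobbered(int use_checked_decoder)
{
    uint8_t img[HDR_LEN + 20];
    size_t img_len = build_evil_image(img, sizeof img);

    uint8_t arena[PIXEL_CAPACITY + ADJACENT_LEN];
    static const uint8_t sentinel[ADJACENT_LEN] =
        { 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF };
    memset(arena, 0, sizeof arena);
    memcpy(arena + PIXEL_CAPACITY, sentinel, ADJACENT_LEN);

    if (use_checked_decoder)
        decode_checked(img, img_len, arena, PIXEL_CAPACITY);
    else
        decode_unchecked(img, img_len, arena);

    return memcmp(arena + PIXEL_CAPACITY, sentinel, ADJACENT_LEN) != 0;
}

/* Status the hardened decoder reports for the malicious image. */
enum decode_status checked_decoder_status(void)
{
    uint8_t img[HDR_LEN + 20];
    size_t img_len = build_evil_image(img, sizeof img);
    uint8_t dst[PIXEL_CAPACITY];
    return decode_checked(img, img_len, dst, sizeof dst);
}

int main(void)
{
    printf("unchecked decoder clobbered adjacent data: %d\n", adjacent_data_clobbered(0));
    printf("checked decoder clobbered adjacent data:   %d\n", adjacent_data_clobbered(1));
    printf("checked decoder status: %d (2 = DECODE_TOO_LARGE)\n", checked_decoder_status());
    return 0;
}
```

The point of the two decoders is the one Apple's one-line fix note ("improved bounds checking") hides: the input length check in the unchecked version looks like validation, but it only proves the file is big enough to read from, not that the destination is big enough to write to. In a real decoder the bytes past the pixel buffer would be heap metadata or another object, which is what turns a crash into code execution.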
The bug is tracked as CVE-2025-43300 and does not yet have a severity score. Apple has not discussed the findings further, to give everyone time to patch without handing other threat actors knowledge of how to exploit it.
Affected devices include iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.
Apple fixed it with improved bounds checking in iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8 and macOS Ventura 13.7.8.
This is the sixth Apple zero-day vulnerability fixed since the start of 2025, BleepingComputer reports, following CVE-2025-24085 (January), CVE-2025-24200 (February), CVE-2025-24201 (March) and two in April, CVE-2025-31200 and CVE-2025-31201.
Via BleepingComputer