Apple has shipped emergency updates to fix an actively exploited zero-day in its ImageIO framework, warning that the flaw has already been abused in targeted attacks.

Logged as CVE-2025-43300, the bug is an out-of-bounds write issue in ImageIO, the component apps rely on to read and write standard image formats. Apple warned that the flaw could let miscreants hijack devices with a booby-trapped image – and for some iDevice users, it sounds like the damage has already been done.

"Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals," Cupertino said.

Apple went on to explain that "processing a malicious image file may result in memory corruption," but didn't say what that could lead to. Typically, th
