Apple Image I/O out-of-bounds write memory corruption flaw (CVE-2025-43300)
Vulnerability
Summary
Hide ▲
Show ▼
CVE-2025-43300 is an out-of-bounds write in Apple’s Image I/O framework that can cause memory corruption and was used in an extremely sophisticated attack against specific targeted individuals. Apple shipped fixes in iOS 18.6.2, iPadOS 18.6.2/17.7.10, and macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8. The issue affects iPhone XS and later plus multiple iPad and Mac models, so prompt updating is important for exposed devices.
Related Happenings
SparkCat malware variant in App Store and Google Play apps steals wallet recovery phrases
Malware Activity
First: 03.04.2026 12:10
Last: 03.04.2026 12:10
Sources 1
About this happening:
The **SparkCat** malware resurfaced in a new variant inside apps on the **Apple App Store** and **Google Play Store**, increasing the risk of mobile crypto wallet theft. The malwa...
SparkCat malware variant in App Store and Google Play apps steals wallet recovery phrases
Malware ActivityAbout this happening: The **SparkCat** malware resurfaced in a new variant inside apps on the **Apple App Store** and **Google Play Store**, increasing the risk of mobile crypto wallet theft. The malwa...
Coruna iOS exploit analysis ties updated Triangulation kernel exploit lineage
Technical Analysis
First: 26.03.2026 15:10
Last: 26.03.2026 15:10
Sources 1
About this happening:
**Coruna** has been linked to an **updated** exploit lineage from **Operation Triangulation**, showing that a long-running iPhone attack framework continues to evolve and can stil...
Coruna iOS exploit analysis ties updated Triangulation kernel exploit lineage
Technical AnalysisAbout this happening: **Coruna** has been linked to an **updated** exploit lineage from **Operation Triangulation**, showing that a long-running iPhone attack framework continues to evolve and can stil...
Operation Triangulation updated iPhone espionage campaign
Campaign
First: 26.03.2026 15:10
Last: 26.03.2026 15:10
Sources 1
About this happening:
The **Operation Triangulation** espionage lineage has resurfaced through **Coruna**, extending **zero-click iPhone** targeting to newer **A17** and **M3** devices and **iOS 17.2**...
Operation Triangulation updated iPhone espionage campaign
CampaignAbout this happening: The **Operation Triangulation** espionage lineage has resurfaced through **Coruna**, extending **zero-click iPhone** targeting to newer **A17** and **M3** devices and **iOS 17.2**...
Coruna watering-hole and fake-site exploitation campaign
Campaign
First: 26.03.2026 13:07
Last: 26.03.2026 13:07
Sources 1
About this happening:
A suspected **Russia-aligned nation-state actor** is using **Coruna** in **watering-hole attacks in Ukraine** and a **mass exploitation campaign**, expanding the kit’s abuse beyon...
Coruna watering-hole and fake-site exploitation campaign
CampaignAbout this happening: A suspected **Russia-aligned nation-state actor** is using **Coruna** in **watering-hole attacks in Ukraine** and a **mass exploitation campaign**, expanding the kit’s abuse beyon...
Apple iOS outdated-device exploit-kit mitigation advisory
Advisory/Mitigation
First: 20.03.2026 07:16
Last: 20.03.2026 07:16
Sources 1
About this happening:
**Apple** is sending **Lock Screen notifications** to **outdated iPhones and iPads** after detecting **active web-based attacks**, urging users to install updates. The latest noti...
Apple iOS outdated-device exploit-kit mitigation advisory
Advisory/MitigationAbout this happening: **Apple** is sending **Lock Screen notifications** to **outdated iPhones and iPads** after detecting **active web-based attacks**, urging users to install updates. The latest noti...
Timeline
-
20.08.2025 21:44 5 articles · 9mo ago
Apple reports CVE-2025-43300 exploitation and ships emergency fixes
Initial DisclosureApple issued emergency updates on 2025-08-20 for CVE-2025-43300, an out-of-bounds write in the Image I/O framework that can cause memory corruption when processing a malicious image file, and said the flaw may have been used in an extremely sophisticated attack against specific targeted individuals. The fix uses improved bounds checking and is available in iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8.
Show sources
- Apple fixes new zero-day flaw exploited in targeted attacks — www.bleepingcomputer.com — 20.08.2025 21:44
- Apple warns customers targeted in recent spyware attacks — www.bleepingcomputer.com — 11.09.2025 22:02
- Apple Warns French Users of Fourth Spyware Campaign in 2025, CERT-FR Confirms — thehackernews.com — 12.09.2025 17:49
- French Advisory Sheds Light on Apple Spyware Activity — www.darkreading.com — 12.09.2025 22:28
- Apple backports zero-day patches to older iPhones and iPads — www.bleepingcomputer.com — 16.09.2025 15:16