
Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks

Started by: Symon <symon@notice.org>
First post: 2025-08-28 10:25 +0200
Last post: 2025-09-10 15:44 +0000
Articles: 12 (7 participants)




#197318 — Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks

From: Symon <symon@notice.org>
Date: 2025-08-28 10:25 +0200
Subject: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks
Message-ID: <d9131ade72cf3bb031b5a471d45b25f9@dizum.com>

Use Apple products at your own risk.  Don't fall for the Verizon free 
iPhone on us offer.  It's junk.

Apple has released security updates to address a security flaw impacting 
iOS, iPadOS, and macOS that it said has come under active exploitation in 
the wild.

The zero-day out-of-bounds write vulnerability, tracked as CVE-2025-43300 
(CVSS score: 8.8), resides in the ImageIO framework and could result in 
memory corruption when processing a malicious image.

"Apple is aware of a report that this issue may have been exploited in an 
extremely sophisticated attack against specific targeted individuals," the 
company said in an advisory.

The iPhone maker said the bug was internally discovered and that it was 
addressed with improved bounds checking. The following versions address 
the security defect -

iOS 18.6.2 and iPadOS 18.6.2 - iPhone XS and later, iPad Pro 13-inch, iPad 
Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation 
and later, iPad Air 3rd generation and later, iPad 7th generation and 
later, and iPad mini 5th generation and later
iPadOS 17.7.10 - iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, 
and iPad 6th generation
macOS Ventura 13.7.8 - Macs running macOS Ventura
macOS Sonoma 14.7.8 - Macs running macOS Sonoma
macOS Sequoia 15.6.1 - Macs running macOS Sequoia

It's currently not known who is behind the attacks and who may have been
targeted, but it's likely that the vulnerability has been weaponised as 
part of highly targeted attacks.

With the latest update, Apple has so far fixed a total of seven zero-days 
that have been abused in real-world attacks since the start of the year: 
CVE-2025-24085, CVE-2025-24200, CVE-2025-24201, CVE-2025-31200,
CVE-2025-31201, and CVE-2025-43200.

Last month, the company also issued patches for a Safari vulnerability 
residing in an open-source component (CVE-2025-6558) that Google reported 
as having been exploited as a zero-day in the Chrome web browser.

https://thehackernews.com/2025/08/apple-patches-cve-2025-43300-zero-day.html



#197319

From: "Carlos E.R." <robin_listas@es.invalid>
Date: 2025-08-28 14:38 +0200
Message-ID: <18v5olxruo.ln2@Telcontar.valinor>
In reply to: #197318

On 2025-08-28 10:25, Symon wrote:
> Use Apple products at your own risk.  Don't fall for the Verizon free
> iPhone on us offer.  It's junk.
> 
> Apple has released security updates to address a security flaw impacting
> iOS, iPadOS, and macOS that it said has come under active exploitation in
> the wild.

And this affects Windows because...?

-- 
Cheers, Carlos.



#197392

From: WolfFan <akwolffan@zoho.com>
Date: 2025-09-05 17:58 -0400
Message-ID: <0001HW.2E6B947804D0A66770000AA7E38F@news.supernews.com>
In reply to: #197319

On Aug 28, 2025, Carlos E.R. wrote
(in article <18v5olxruo.ln2@Telcontar.valinor>):

> On 2025-08-28 10:25, Symon wrote:
> > Use Apple products at your own risk. Don't fall for the Verizon free
> > iPhone on us offer. It's junk.
> >
> > Apple has released security updates to address a security flaw impacting
> > iOS, iPadOS, and macOS that it said has come under active exploitation in
> > the wild.
>
> And this affects Windows because...?

Arlen has a new gym. Added to the killfile list; Arlen now has sufficient 
nyms that I’ve re-orged my kf list and given him his very own folder.



#197395

From: Hank Rogers <Hank@nospam.invalid>
Date: 2025-09-05 19:03 -0500
Message-ID: <109ftpi$2o1u0$1@dont-email.me>
In reply to: #197392

WolfFan wrote on 9/5/2025 4:58 PM:
> On Aug 28, 2025, Carlos E.R. wrote
> (in article <18v5olxruo.ln2@Telcontar.valinor>):
> 
>> On 2025-08-28 10:25, Symon wrote:
>>> Use Apple products at your own risk. Don't fall for the Verizon free
>>> iPhone on us offer. It's junk.
>>>
>>> Apple has released security updates to address a security flaw impacting
>>> iOS, iPadOS, and macOS that it said has come under active exploitation in
>>> the wild.
>>
>> And this affects Windows because...?
> 
> Arlen has a new gym. Added to the killfile list; Arlen now has sufficient
> nyms that I’ve re-orged my kf list and given him his very own folder.
> 

At least he has kept the gym open, though I'm not a member and don't 
work out at arlen's gym.

Re-orging is always good when you have kf lists.  Good luck!



#197320

From: Alan <nuh-uh@nope.com>
Date: 2025-08-28 10:20 -0400
Message-ID: <108pok8$1d5gg$1@dont-email.me>
In reply to: #197318

On 2025-08-28 04:25, Symon wrote:
> Use Apple products at your own risk.  Don't fall for the Verizon free
> iPhone on us offer.  It's junk.
> 
> Apple has released security updates to address a security flaw impacting
> iOS, iPadOS, and macOS that it said has come under active exploitation in
> the wild.

And in other news, Arlen has changed posting nyms again!



#197322

From: Hank Rogers <Hank@nospam.invalid>
Date: 2025-08-28 12:44 -0500
Message-ID: <108q4hs$1ggbh$2@dont-email.me>
In reply to: #197320

Alan wrote on 8/28/2025 9:20 AM:
> On 2025-08-28 04:25, Symon wrote:
>> Use Apple products at your own risk.  Don't fall for the Verizon free
>> iPhone on us offer.  It's junk.
>>
>> Apple has released security updates to address a security flaw impacting
>> iOS, iPadOS, and macOS that it said has come under active exploitation in
>> the wild.
> And in other news, Arlen has changed posting nyms again!

Oh no, Arlen's on the loose again!  Better hop to it boy.



#197369

From: Tom Elam <thomas.e.elam@gmail.com>
Date: 2025-09-04 14:12 -0400
Message-ID: <109ckpk$1u39b$1@dont-email.me>
In reply to: #197318

On 8/28/2025 4:25 AM, Symon wrote:
> Use Apple products at your own risk.  Don't fall for the Verizon free
> iPhone on us offer.  It's junk.
> 
> Apple has released security updates to address a security flaw impacting
> iOS, iPadOS, and macOS that it said has come under active exploitation in
> the wild.
> 
> The zero-day out-of-bounds write vulnerability, tracked as CVE-2025-43300
> (CVSS score: 8.8), resides in the ImageIO framework and could result in
> memory corruption when processing a malicious image.
> 
> "Apple is aware of a report that this issue may have been exploited in an
> extremely sophisticated attack against specific targeted individuals," the
> company said in an advisory.
> 
> The iPhone maker said the bug was internally discovered and that it was
> addressed with improved bounds checking. The following versions address
> the security defect -
> 
> iOS 18.6.2 and iPadOS 18.6.2 - iPhone XS and later, iPad Pro 13-inch, iPad
> Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation
> and later, iPad Air 3rd generation and later, iPad 7th generation and
> later, and iPad mini 5th generation and later
> iPadOS 17.7.10 - iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch,
> and iPad 6th generation
> macOS Ventura 13.7.8 - Macs running macOS Ventura
> macOS Sonoma 14.7.8 - Macs running macOS Sonoma
> macOS Sequoia 15.6.1 - Macs running macOS Sequoia
> 
> It's currently not known who is behind the attacks and who may have been
> targeted, but it's likely that the vulnerability has been weaponised as
> part of highly targeted attacks.
> 
> With the latest update, Apple has so far fixed a total of seven zero-days
> that have been abused in real-world attacks since the start of the year:
> CVE-2025-24085, CVE-2025-24200, CVE-2025-24201, CVE-2025-31200,
> CVE-2025-31201, and CVE-2025-43200.
> 
> Last month, the company also issued patches for a Safari vulnerability
> residing in an open-source component (CVE-2025-6558) that Google reported
> as having been exploited as a zero-day in the Chrome web browser.
> 
> https://thehackernews.com/2025/08/apple-patches-cve-2025-43300-zero-day.html
> 

You are living in an Android glass house and throwing stones at iOS:

"Google patches two Android zero-days, 120 defects total in September 
security update. The critical, actively exploited zero-day 
vulnerabilities affect the Linux kernel and Android runtime."

That is just one update!

https://cyberscoop.com/android-security-update-september-2025/



#197370

From: Jolly Roger <jollyroger@pobox.com>
Date: 2025-09-04 20:26 +0000
Message-ID: <mhub0iFtrf5U1@mid.individual.net>
In reply to: #197369

On 2025-09-04, Tom Elam <thomas.e.elam@gmail.com> wrote:
> On 8/28/2025 4:25 AM, Symon wrote:
>>
>> [a bunch of troll bullshit]
>
> You are living in an Android glass house and throwing stones at iOS:

Juvenile insults and pissing contests are the best this loser has to
offer to the world.

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR



#197371

From: Hank Rogers <Hank@nospam.invalid>
Date: 2025-09-04 15:55 -0500
Message-ID: <109cuc8$20m4j$1@dont-email.me>
In reply to: #197370

Jolly Roger wrote on 9/4/2025 3:26 PM:
> On 2025-09-04, Tom Elam <thomas.e.elam@gmail.com> wrote:
>> On 8/28/2025 4:25 AM, Symon wrote:
>>>
>>> [a bunch of troll bullshit]
>>
>> You are living in an Android glass house and throwing stones at iOS:
> 
> Juvenile insults and pissing contests are the best this loser has to
> offer to the world.
> 

And you NEVER stoop that low, right jolly?



#197382

From: Jolly Roger <jollyroger@pobox.com>
Date: 2025-09-05 16:46 +0000
Message-ID: <mi0if4Fa4rjU1@mid.individual.net>
In reply to: #197371

On 2025-09-04, Hank Rogers <Hank@nospam.invalid> wrote:
> Jolly Roger wrote on 9/4/2025 3:26 PM:
>> On 2025-09-04, Tom Elam <thomas.e.elam@gmail.com> wrote:
>>> On 8/28/2025 4:25 AM, Symon wrote:
>>>>
>>>> [a bunch of troll bullshit]
>>>
>>> You are living in an Android glass house and throwing stones at iOS:
>> 
>> Juvenile insults and pissing contests are the best this loser has to
>> offer to the world. 
>
> And you NEVER stoop that low, right jolly?

Only with trolls, and Arlen is King of Loser Trolls. You won't find me
slinging insults back at anyone else, since they aren't slinging
juvenile insults my way. But you want everyone to ignore that reality,
don't you? Because: troll. 😉

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR



#197439

From: Tom Elam <thomas.e.elam@gmail.com>
Date: 2025-09-09 19:52 -0400
Message-ID: <109qekc$1afo5$1@dont-email.me>
In reply to: #197318

On 8/28/2025 4:25 AM, Symon wrote:
> Use Apple products at your own risk.  Don't fall for the Verizon free
> iPhone on us offer.  It's junk.
> 
> Apple has released security updates to address a security flaw impacting
> iOS, iPadOS, and macOS that it said has come under active exploitation in
> the wild.
> 
> The zero-day out-of-bounds write vulnerability, tracked as CVE-2025-43300
> (CVSS score: 8.8), resides in the ImageIO framework and could result in
> memory corruption when processing a malicious image.
> 
> "Apple is aware of a report that this issue may have been exploited in an
> extremely sophisticated attack against specific targeted individuals," the
> company said in an advisory.
> 
> The iPhone maker said the bug was internally discovered and that it was
> addressed with improved bounds checking. The following versions address
> the security defect -
> 
> iOS 18.6.2 and iPadOS 18.6.2 - iPhone XS and later, iPad Pro 13-inch, iPad
> Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation
> and later, iPad Air 3rd generation and later, iPad 7th generation and
> later, and iPad mini 5th generation and later
> iPadOS 17.7.10 - iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch,
> and iPad 6th generation
> macOS Ventura 13.7.8 - Macs running macOS Ventura
> macOS Sonoma 14.7.8 - Macs running macOS Sonoma
> macOS Sequoia 15.6.1 - Macs running macOS Sequoia
> 
> It's currently not known who is behind the attacks and who may have been
> targeted, but it's likely that the vulnerability has been weaponised as
> part of highly targeted attacks.
> 
> With the latest update, Apple has so far fixed a total of seven zero-days
> that have been abused in real-world attacks since the start of the year:
> CVE-2025-24085, CVE-2025-24200, CVE-2025-24201, CVE-2025-31200,
> CVE-2025-31201, and CVE-2025-43200.
> 
> Last month, the company also issued patches for a Safari vulnerability
> residing in an open-source component (CVE-2025-6558) that Google reported
> as having been exploited as a zero-day in the Chrome web browser.
> 
> https://thehackernews.com/2025/08/apple-patches-cve-2025-43300-zero-day.html
> 

I don't see a reply to my post on exploited zero-day Android security flaws.



#197445

From: Jolly Roger <jollyroger@pobox.com>
Date: 2025-09-10 15:44 +0000
Message-ID: <midkmsFhectU1@mid.individual.net>
In reply to: #197439

On 2025-09-09, Tom Elam <thomas.e.elam@gmail.com> wrote:
> On 8/28/2025 4:25 AM, Symon wrote:
>>
>> Use Apple products at your own risk.  Don't fall for the Verizon free
>> iPhone on us offer.  It's junk.
>
> I don't see a reply to my post on exploited zero-day Android security
> flaws.

Even if he did reply, it'd be full of his usual lies and insults. 😉

Speaking of zero days, did you see that Apple just announced a huge
security feature called Memory Integrity Enforcement?

<https://security.apple.com/blog/memory-integrity-enforcement/>

Cool stuff!

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR
