Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > alt.comp.os.windows-10 > #187246

Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks

From Tom Elam <thomas.e.elam@gmail.com>
Newsgroups alt.comp.os.windows-10, alt.comp.os.windows-11, comp.sys.mac.advocacy, misc.phone.mobile.iphone, talk.politics.guns
Subject Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks
Date 2025-09-04 14:12 -0400
Organization A noiseless patient Spider
Message-ID <109ckpk$1u39b$1@dont-email.me> (permalink)
References <d9131ade72cf3bb031b5a471d45b25f9@dizum.com>

Cross-posted to 5 groups.

Show all headers | View raw


On 8/28/2025 4:25 AM, Symon wrote:
> Use Apple products at your own risk.  Don't fall for the Verizon free
> iPhone on us offer.  It's junk.
> 
> Apple has released security updates to address a security flaw impacting
> iOS, iPadOS, and macOS that it said has come under active exploitation in
> the wild.
> 
> The zero-day out-of-bounds write vulnerability, tracked as CVE-2025-43300
> (CVSS score: 8.8), resides in the ImageIO framework and could result in
> memory corruption when processing a malicious image.
> 
> "Apple is aware of a report that this issue may have been exploited in an
> extremely sophisticated attack against specific targeted individuals," the
> company said in an advisory.
> 
> The iPhone maker said the bug was internally discovered and that it was
> addressed with improved bounds checking. The following versions address
> the security defect -
> 
> iOS 18.6.2 and iPadOS 18.6.2 - iPhone XS and later, iPad Pro 13-inch, iPad
> Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation
> and later, iPad Air 3rd generation and later, iPad 7th generation and
> later, and iPad mini 5th generation and later
> iPadOS 17.7.10 - iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch,
> and iPad 6th generation
> macOS Ventura 13.7.8 - Macs running macOS Ventura
> macOS Sonoma 14.7.8 - Macs running macOS Sonoma
> macOS Sequoia 15.6.1 - Macs running macOS Sequoia
> It's currently not known who is behind the attacks and who may have been
> targeted, but it's likely that the vulnerability has been weaponised as
> part of highly targeted attacks.
> 
> With the latest update, Apple has so far fixed a total of seven zero-days
> that have been abused in real-world attacks since the start of the year:
> CVE-2025-24085, CVE-2025-24200, CVE-2025-24201, CVE-2025-31200, CVE-2025-
> 31201, and CVE-2025-43200.
> 
> Last month, the company also issued patches for a Safari vulnerability
> residing in an open-source component (CVE-2025-6558) that Google reported
> as having been exploited as a zero-day in the Chrome web browser.
> 
> https://thehackernews.com/2025/08/apple-patches-cve-2025-43300-zero-
> day.html
> 

You are living in an Android glass house and throwing stones at iOS:

"Google patches two Android zero-days, 120 defects total in September 
security update. The critical, actively exploited zero-day 
vulnerabilities affect the Linux kernel and Android runtime."

That is just one update!

https://cyberscoop.com/android-security-update-september-2025/

Back to alt.comp.os.windows-10 | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread


Thread

Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks Symon <symon@notice.org> - 2025-08-28 10:25 +0200
  Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks "Carlos E.R." <robin_listas@es.invalid> - 2025-08-28 14:38 +0200
    Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks WolfFan <akwolffan@zoho.com> - 2025-09-05 17:58 -0400
      Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks Hank Rogers <Hank@nospam.invalid> - 2025-09-05 19:03 -0500
  Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks Alan <nuh-uh@nope.com> - 2025-08-28 10:20 -0400
    Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks Hank Rogers <Hank@nospam.invalid> - 2025-08-28 12:44 -0500
  Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks Tom Elam <thomas.e.elam@gmail.com> - 2025-09-04 14:12 -0400
    Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks Jolly Roger <jollyroger@pobox.com> - 2025-09-04 20:26 +0000
      Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks Hank Rogers <Hank@nospam.invalid> - 2025-09-04 15:55 -0500
        Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks Jolly Roger <jollyroger@pobox.com> - 2025-09-05 16:46 +0000
  Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks Tom Elam <thomas.e.elam@gmail.com> - 2025-09-09 19:52 -0400
    Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks Jolly Roger <jollyroger@pobox.com> - 2025-09-10 15:44 +0000

csiph-web