Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > alt.comp.os.windows-10 > #187046

Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks

From Symon <symon@notice.org>
Subject Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks
Message-ID <d9131ade72cf3bb031b5a471d45b25f9@dizum.com> (permalink)
Date 2025-08-28 10:25 +0200
Newsgroups alt.comp.os.windows-10, alt.comp.os.windows-11, comp.sys.mac.advocacy, misc.phone.mobile.iphone, talk.politics.guns
Organization dizum.com - The Internet Problem Provider

Cross-posted to 5 groups.

Show all headers | View raw


Use Apple products at your own risk.  Don't fall for the Verizon free 
iPhone on us offer.  It's junk.

Apple has released security updates to address a security flaw impacting 
iOS, iPadOS, and macOS that it said has come under active exploitation in 
the wild.

The zero-day out-of-bounds write vulnerability, tracked as CVE-2025-43300 
(CVSS score: 8.8), resides in the ImageIO framework and could result in 
memory corruption when processing a malicious image.

"Apple is aware of a report that this issue may have been exploited in an 
extremely sophisticated attack against specific targeted individuals," the 
company said in an advisory.

The iPhone maker said the bug was internally discovered and that it was 
addressed with improved bounds checking. The following versions address 
the security defect -

iOS 18.6.2 and iPadOS 18.6.2 - iPhone XS and later, iPad Pro 13-inch, iPad 
Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation 
and later, iPad Air 3rd generation and later, iPad 7th generation and 
later, and iPad mini 5th generation and later
iPadOS 17.7.10 - iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, 
and iPad 6th generation
macOS Ventura 13.7.8 - Macs running macOS Ventura
macOS Sonoma 14.7.8 - Macs running macOS Sonoma
macOS Sequoia 15.6.1 - Macs running macOS Sequoia
It's currently not known who is behind the attacks and who may have been 
targeted, but it's likely that the vulnerability has been weaponised as 
part of highly targeted attacks.

With the latest update, Apple has so far fixed a total of seven zero-days 
that have been abused in real-world attacks since the start of the year: 
CVE-2025-24085, CVE-2025-24200, CVE-2025-24201, CVE-2025-31200, CVE-2025-
31201, and CVE-2025-43200.

Last month, the company also issued patches for a Safari vulnerability 
residing in an open-source component (CVE-2025-6558) that Google reported 
as having been exploited as a zero-day in the Chrome web browser.

https://thehackernews.com/2025/08/apple-patches-cve-2025-43300-zero-
day.html

Back to alt.comp.os.windows-10 | Previous | NextNext in thread | Find similar | Unroll thread


Thread

Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks Symon <symon@notice.org> - 2025-08-28 10:25 +0200
  Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks "Carlos E.R." <robin_listas@es.invalid> - 2025-08-28 14:38 +0200
    Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks WolfFan <akwolffan@zoho.com> - 2025-09-05 17:58 -0400
      Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks Hank Rogers <Hank@nospam.invalid> - 2025-09-05 19:03 -0500
  Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks Alan <nuh-uh@nope.com> - 2025-08-28 10:20 -0400
    Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks Hank Rogers <Hank@nospam.invalid> - 2025-08-28 12:44 -0500
  Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks Tom Elam <thomas.e.elam@gmail.com> - 2025-09-04 14:12 -0400
    Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks Jolly Roger <jollyroger@pobox.com> - 2025-09-04 20:26 +0000
      Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks Hank Rogers <Hank@nospam.invalid> - 2025-09-04 15:55 -0500
        Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks Jolly Roger <jollyroger@pobox.com> - 2025-09-05 16:46 +0000
  Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks Tom Elam <thomas.e.elam@gmail.com> - 2025-09-09 19:52 -0400
    Re: Leaking sieve Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks Jolly Roger <jollyroger@pobox.com> - 2025-09-10 15:44 +0000

csiph-web