Post: Apple addressed the seventh actively exploited zero-day - Against Invaders - CyberSecurity news for humans.
<div>
<div>
<h2>Apple addressed the seventh actively exploited zero-day</h2>
<h2>Apple addressed a vulnerability impacting iOS, iPadOS, and macOS that is under active exploitation in the wild.</h2>
<p>Apple addressed an actively exploited zero-day, tracked as CVE-2025-43300, in iOS, iPadOS, and macOS. The vulnerability is a zero-day out-of-bounds write issue that resides in the <a href="https://developer.apple.com/documentation/imageio" rel="noreferrer noopener" target="_blank">ImageIO framework</a>; an attacker could exploit it to cause memory corruption when a malicious image is processed.</p>
<p>“Processing a malicious image file may result in memory corruption.” reads the <a href="https://support.apple.com/en-us/124925" target="_blank">advisory</a> published by the tech giant. “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”</p>
<p>The company fixed the problem with improved bounds checking. Apple released the following updates to fix the issue:</p>
<ul>
<li><strong><a href="https://support.apple.com/en-us/124925" rel="noreferrer noopener" target="_blank">iOS 18.6.2 and iPadOS 18.6.2</a></strong> – iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later</li>
<li><strong><a href="https://support.apple.com/en-us/124926" rel="noreferrer noopener" target="_blank">iPadOS 17.7.10</a></strong> – iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation</li>
<li><strong><a href="https://support.apple.com/en-us/124929" rel="noreferrer noopener" target="_blank">macOS Ventura 13.7.8</a></strong> – Mac systems running macOS Ventura</li>
<li><strong><a href="https://support.apple.com/en-us/124928" rel="noreferrer noopener" target="_blank">macOS Sonoma 14.7.8</a></strong> – Mac systems running macOS Sonoma</li>
<li><strong><a href="https://support.apple.com/en-us/124927" rel="noreferrer noopener" target="_blank">macOS Sequoia 15.6.1</a></strong> – Mac systems running macOS Sequoia</li>
</ul>
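<p>For fleet triage against the fixed versions listed above, the following is an added example, not code from Apple or from the original article. The inventory format (<code>host,os,version</code>) and the host names are constructed for illustration; the version numbers are the ones in the list above.</p>

```python
import csv
import io

# Fixed versions as listed in the article, keyed by (OS family, major branch).
FIXED = {
    ("ios", 18): (18, 6, 2), ("ipados", 18): (18, 6, 2),
    ("ipados", 17): (17, 7, 10),
    ("macos", 13): (13, 7, 8), ("macos", 14): (14, 7, 8),
    ("macos", 15): (15, 6, 1),
}

def parse_version(text):
    """'15.6' -> (15, 6, 0). Numeric tuples avoid the string-compare
    trap where '17.7.9' sorts after '17.7.10'."""
    parts = [int(p) for p in text.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError("unexpected version shape: %r" % text)
    return tuple(parts + [0] * (3 - len(parts)))

def classify(os_family, version):
    """Return 'patched', 'needs-update', 'branch-not-listed' or 'unparseable'."""
    try:
        ver = parse_version(version)
    except ValueError:
        return "unparseable"
    fixed = FIXED.get((os_family.strip().lower(), ver[0]))
    if fixed is None:
        # The article lists no fixed build for this branch: review by hand.
        return "branch-not-listed"
    return "patched" if ver >= fixed else "needs-update"

def triage(inventory_csv):
    """Classify every 'host,os,version' row; malformed rows are skipped."""
    rows = csv.reader(io.StringIO(inventory_csv))
    return [(r[0].strip(), classify(r[1], r[2])) for r in rows if len(r) == 3]

# Constructed sample inventory (hypothetical hosts).
SAMPLE = """\
mbp-01,macOS,15.6
mbp-02,macOS,14.7.8
ipad-07,iPadOS,17.7.9
ipad-08,iPadOS,17.7.10
phone-11,iOS,17.7.2
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE):
        print(f"{host:10s} {status}")
```

<p>Rows reported as <code>branch-not-listed</code> are on a major release for which the list above gives no fixed build, so they need manual review rather than an automatic pass.</p>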
<p>As usual, the company did not share technical details about the attacks exploiting this vulnerability.</p>
<p>Apple’s latest update brings the total to seven zero-days patched in 2025 that were exploited in real-world attacks.</p>
<p>The other zero-day vulnerabilities addressed this year are <a href="https://securityaffairs.com/175269/hacking/apple-third-zero-day-2025.html" target="_blank">CVE-2025-24085</a>, <a href="https://securityaffairs.com/178962/mobile-2/apple-confirmed-messages-app-flaw-actively-exploited.html" target="_blank">CVE-2025-24200</a>, <a href="https://securityaffairs.com/175269/hacking/apple-third-zero-day-2025.html" target="_blank">CVE-2025-24201</a>, <a href="https://securityaffairs.com/176644/security/apple-emergency-updates-actively-exploited-ios-ipados-macos-bugs.html" rel="noreferrer noopener" target="_blank">CVE-2025-31200, CVE-2025-31201</a>, and <a href="https://securityaffairs.com/178962/mobile-2/apple-confirmed-messages-app-flaw-actively-exploited.html" rel="noreferrer noopener" target="_blank">CVE-2025-43200</a>.</p>
<p><a href="http://www.linkedin.com/pub/pierluigi-paganini/b/742/559" target="_blank">Pierluigi Paganini</a></p>
<p>(<a href="http://securityaffairs.co/wordpress/" target="_blank">SecurityAffairs</a> – hacking, CVE-2025-43300)</p>
<hr>
</div></div>