1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Update Apple devices now - new security patch fixes potentially s

    From TechnologyDaily@1337:1/100 to All on Thursday, August 21, 2025 16:15:10
    Update Apple devices now - new security patch fixes potentially serious zero-day flaw

    Date:
    Thu, 21 Aug 2025 15:04:00 +0000

    Description:
    Apple fixes zero-day flaw being used in highly sophisticated attacks against specific individuals.

    FULL STORY ======================================================================Apple fixes CVE-2025-43300, an out-of-bounds write bug in iOS and iPadOS The bug allowed threat actors to run remote code execution attacks There is evidence of abuse in the wild, so users should be on their guard

    Apple has fixed a bug in iOS and iPadOS which was apparently being used in an extremely sophisticated attack against specific targeted individuals.

    In a security advisory , Apple said it fixed an out-of-bounds write issue it found in the ImageIO framework, which lets apps open, save, and work with image files efficiently, including reading details like EXIF data, or
    creating thumbnails.

    An out-of-bounds bug happens when software mistakenly writes data beyond the memory area it was supposed to. This can corrupt memory, crash apps, and even allow threat actors to run malicious code, remotely. Hiding the details from the crooks

    Since the bug was found in ImageIO, it allowed specially crafted images to overflow memory checks and overwrite adjacent data when processed. A threat actor could send a malicious image in an email, a message, or a webpage. If the vulnerable device were to try and render it, the out-of-bounds write
    might let the attacker crash the system, or even run malware .

    The bug is tracked as CVE-2025-43300, and doesnt yet have a severity score. Apple did not discuss the findings further, in order to give everyone enough time to patch, without giving other threat actors knowledge on how to abuse it.

    Devices affected by this flaw include iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.

    Apple fixed it by improving boundary checks, in versions iOS 18.6.2 and
    iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8.

    This is the sixth zero-day vulnerability Apple fixed since the start of 2025, BleepingComputer reports, including CVE-2025-24085 (January), CVE-2025-24200 (February), CVE-2025-24201 (March), and two in April, CVE-2025-31200 and CVE-2025-31201.

    Via BleepingComputer You might also like Apple fixes dangerous zero-day used in attacks against iPhones and iPads Take a look at our guide to the best authenticator app We've rounded up the best password managers



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/update-apple-devices-now-new-security-p atch-fixes-potentially-serious-zero-day-flaw


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)