Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Apple Backports Fix for CVE-2025-43300 Exploited in Sophisticated Spyware Attack

The Hacker News by The Hacker News
September 16, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Sep 16, 2025Ravie LakshmananVulnerability / Spyware

Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild.

The vulnerability in question is CVE-2025-43300 (CVSS score: 8.8), an out-of-bounds write issue in the ImageIO component that could result in memory corruption when processing a malicious image file.

“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,” the company said.

Since then, WhatsApp has acknowledged that a vulnerability in its messaging apps for Apple iOS and macOS (CVE-2025-55177, CVSS score: 5.4) had been chained with CVE-2025-43300 as part of highly-targeted spyware attacks aimed at less than 200 individuals.

While the shortcoming was first addressed by the iPhone maker late last month with the release of iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Ventura 13.7.8, macOS Sonoma 14.7.8, and macOS Sequoia 15.6.1, it has also been released for the following older versions –

  • iOS 16.7.12 and iPadOS 16.7.12 – iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
  • iOS 15.8.5 and iPadOS 15.8.5 – iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
Audit and Beyond

The updates have been rolled out alongside iOS 26, iPadOS 26, iOS 18.7, iPadOS 18.7, macOS Tahoe 26, macOS Sequoia 15.7, macOS Sonoma 14.8, tvOS 26, visionOS 26, watchOS 26, Safari 26, and Xcode 26, which also address a number of other security flaws –

  • CVE-2025-31255 – An authorization vulnerability in IOKit that could allow an app to access sensitive data
  • CVE-2025-43362 – A vulnerability in LaunchServices that could allow an app to monitor keystrokes without user permission
  • CVE-2025-43329 – A permissions vulnerability in Sandbox that could allow an app to break out of its sandbox
  • CVE-2025-31254 – A vulnerability in Safari that could result in unexpected URL redirection when processing maliciously crafted web content
  • CVE-2025-43272 – A vulnerability in WebKit that could result in unexpected Safari crash when processing maliciously crafted web content
  • CVE-2025-43285 – A permissions vulnerability in AppSandbox that could allow an app to access protected user data
  • CVE-2025-43349 – An out-of-bounds write issue in CoreAudio that could result in unexpected app termination when processing a maliciously crafted video file
  • CVE-2025-43316 – A permissions vulnerability in DiskArbitration that could allow an app to gain root privileges
  • CVE-2025-43297 – A type confusion vulnerability in Power Management that could result in a denial-of-service
  • CVE-2025-43204 – A vulnerability in RemoteViewServices that could allow an app to break out of its sandbox
  • CVE-2025-43358 – A permissions vulnerability in Shortcuts that could allow a shortcut to bypass sandbox restrictions
  • CVE-2025-43333 – A permissions vulnerability in Spotlight that could allow an app to gain root privileges
  • CVE-2025-43304 – A race condition vulnerability in StorageKit that could allow an app to gain root privileges
  • CVE-2025-48384 – A Git vulnerability in Xcode that could result in remote code execution when cloning a maliciously crafted repository

While there is no evidence that any of the aforementioned flaws have been weaponized in real-world attacks, it’s always a good practice to keep systems up-to-date for optimal protection.



Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
Interview: Using AI agents as judges in GenAI workflows | Computer Weekly

Interview: Using AI agents as judges in GenAI workflows | Computer Weekly

Recommended.

The Bloomberg Terminal Is Getting an AI Makeover, Like It or Not

The Bloomberg Terminal Is Getting an AI Makeover, Like It or Not

April 28, 2026
Stocks making the biggest moves after hours: Nike, Core Scientific & more

Stocks making the biggest moves after hours: Nike, Core Scientific & more

June 26, 2025

Trending.

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

CELLCOM ISRAEL LTD. Announcement of A Special General Meeting of The Shareholders of The Company

May 21, 2025
Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

Veeam Debuts Data Resiliency Maturity Model To Assess, Improve Customers’ Cyber Resiliency

April 23, 2025
MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

MocPOGO Easter Special Deals: The Pokémon GO Spoofer You Need for Might and Mastery 2025!

April 7, 2025
VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

VNET Wins 40MW Wholesale Order from Leading Internet Company for Its New Strategic IDC Campus

September 11, 2025
Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

Insurance Modernization at Risk as Workforce Strategies Fall Behind, Says Info-Tech Research Group

May 8, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio