1.0 Introduction
Recently, Apple has released emergency security updates to address a critical zero-day vulnerability (CVE-2025-43300) affecting the Image I/O framework.
2.0 Impact
Successful exploitation of this vulnerability could enable attackers to trigger memory corruption or execute arbitrary code on affected devices.
3.0 Affected Products
- iOS and iPadOS prior to 18.6.2
- iPadOS prior to 17.7.10
- macOS Sequoia prior to 15.6.1
- macOS Sonoma prior to 14.7.8
- macOS Ventura prior to 13.7.8
4.0 Recommendations
CyberSecurity Malaysia encourages users and administrators to review the Apple security release and apply the necessary updates:
Kindly refer to the following URLs for more information:
- iOS 18.6.2 and iPadOS 18.6.2 : https://support.apple.com/en-us/124925
- iPadOS 17.7.10 : https://support.apple.com/en-us/124926
- macOS Sequoia 15.6.1 : https://support.apple.com/en-us/124927
- macOS Sonoma 14.7.8 : https://support.apple.com/en-us/124928
- macOS Ventura 13.7.8 : https://support.apple.com/en-us/124929
Generally, we advise users to be updated with the latest security announcements by the Apple and follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact the Cyber999 Incident Response Centre through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 08:30 -17:30 MYT
Web: https://www.cybersecurity.my/
5.0 References