—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Out-of-Bounds Write Vulnerability in Apple Products

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Apple iOS and iPadOS versions prior to 18.6.2 (for iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later)

Apple iPadOS versions prior to 17.7.10 (for iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation)

Apple macOS Sequoia versions prior to 15.6.1 (for macOS Sequoia)

Apple macOS Sonoma versions prior to 14.7.8 (for macOS Sonoma)

Apple macOS Ventura versions prior to 13.7.8 (for macOS Ventura)

Overview

A vulnerability has been reported in Apple products which could be exploited by an attacker to execute arbitrary code or cause denial of service conditions on the targeted system.

Target Audience:

All end-user organizations and individuals using Apple products.

Risk Assessment:

Arbitrary code execution and denial of service.

Impact Assessment:

Potential for memory corruption, arbitrary code execution with user privileges, or system/application crashes (DoS).

Description

This vulnerability exists in the ImageIO component of Apple products due to improper bounds checking. A remote attacker could exploit this flaw by tricking a victim into processing a specially crafted image file, leading to an out-of-bounds write and subsequent memory corruption.

Successful exploitation of this vulnerability could result in execution of arbitrary code or cause denial of service conditions on the targeted system.

Note: The above issue may have been exploited in a sophisticated attack targeting specific individuals.

Solution

Apply appropriate security updates as mentioned in the Apple Security Updates.

Vendor Information

Apple

https://support.apple.com/en-in/124925

https://support.apple.com/en-in/124926

https://support.apple.com/en-in/124927

https://support.apple.com/en-in/124928

https://support.apple.com/en-in/124929

References

 

https://support.apple.com/en-in/124925

https://support.apple.com/en-in/124926

https://support.apple.com/en-in/124927

https://support.apple.com/en-in/124928

https://support.apple.com/en-in/124929

CVE Name

CVE-2025-43300

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmipvawACgkQ3jCgcSdc

ys/6jA/7BIIVIRrGbYzavtInD6y+Iz8pZjLH4BBnNk8F5s0VgwzZNaIIlp4fXjyL

DJydFNJPJPT7eH9ByYekIA6e/xFJe7QalD4HWHiv69T4VusD9+bW0xbXImwAz+S9

D21U3jSuue/fuBgSOIjQzq+O5o4cG4XosdjDKPGQovqOSLa9L3KWM1lSWrCgFBHs

t0ktPNBW3vMqbKX/4GOCU1qvg5mkd1wn2kuvlHrpzkM388gmVCQ2dc1FwFu881jD

fcNEiu/jbiQfe9+95EhD2FsiYarw+wHDpKPU9Yfh5x7IKgTdQAfkVVGp8IY9h3Vz

L1bQ5IjQMAz1Yz7D6z+N+gCAtxulwUlF1IhosNmD9bxl+3H5XvIexlFEFwhogmYu

w39tNFJSc6wYnLk727aMExo2Lr3+sDp6XRHMtiRI4TqdwS1Esywrkv9uiKsqP05B

fL8pwl8Ba82KAtMwjnj8BJypGsvl6U5BJO7UGtXVC4Trt0eAn1cBSGR0p3dka+3E

n5/KBf32Vr+yo2WvRNPf6wHrJ8p0Znhw28WLs2qeLccTvHNvmTPPIgXokuW/LWig

JjXCpG67mtcSSaE8UUgKv8Lp80/R/aV+TlAZge44hAjFceTsYztOd42nj7qRC7ow

4mkjPNlMbkoWxT+VhB0RBh1pEiixHwKIgyyrNM5W3Br8oLOTXn8=

=X0AE

—–END PGP SIGNATURE—–