Description
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12, iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, macOS Ventura 13.7.8. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
Published: 2025-08-21
Score: 10 Critical
EPSS: 20.0% Moderate
KEV: Yes
Impact: n/a
Action: n/a
AI Analysis

Impact

An out-of-bounds write was discovered in Apple’s image‑processing component when handling malicious image files. The flaw allows crafted content to overwrite adjacent memory, resulting in arbitrary memory corruption that could influence program control flow. It is classified under CWE-787.

Affected Systems

Patch notes indicate that the vulnerability is fixed in iOS versions 15.8.5, 16.7.12 and 18.6.2, as well as their iPadOS counterparts (15.8.5, 16.7.12, 18.6.2, 17.7.10). For macOS, the fixed releases are macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8. Devices running builds earlier than these versions are likely vulnerable.

Risk and Exploitability

Apple is aware of a report that the flaw may have been exploited in an extremely sophisticated attack against specific targeted individuals. The CVSS base score of 10 is the maximum severity, while an EPSS of less than 1% indicates a low likelihood of exploitation in the wild. The likely attack vector is the delivery of malicious image files via email attachments, web content, or any service that renders images on the device. Based on the description, it is inferred that the memory corruption could enable remote code execution, though the exact exploitation path is not fully documented. Its listing in the CISA KEV catalog confirms that the vulnerability has been actively exploited, making immediate remediation imperative.

Generated by OpenCVE AI on June 18, 2026 at 13:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest security updates for iOS, iPadOS, and macOS that include the fix (iOS 15.8.5+, 16.7.12+, 18.6.2+, iPadOS 15.8.5+, 16.7.12+, 18.6.2+, 17.7.10+, macOS Sequoia 15.6.1+, Sonoma 14.7.8+, Ventura 13.7.8+).
  • Until the update is installed, avoid opening or viewing image files from untrusted or unknown sources, and consider using a sandboxed or separate user context for visualizing potentially malicious content.
  • Monitor device logs for abnormal memory corruption events or crashes that could indicate exploitation attempts, and apply any additional system hardening guidelines provided by Apple.

Advisories
Source: EUVD
ID: EUVD-2025-25409
Title: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

History

Thu, 18 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds Write in Apple Image Processor Causing Memory Corruption

Wed, 17 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds Write in Apple Image Processor Causing Memory Corruption

Tue, 16 Jun 2026 07:00:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds Write in Apple Image-Processing Component

Sun, 14 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds Write in Apple Image-Processing Component

Thu, 07 May 2026 15:45:00 +0000

Type Values Removed Values Added
Title Out‑of‑bounds Write in Image Processing Leading to Memory Corruption

Tue, 28 Apr 2026 00:45:00 +0000

Type Values Removed Values Added
Title Out‑of‑bounds Write in Image Processing Leading to Memory Corruption

Thu, 02 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description
Values Removed: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
Values Added: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12, iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, macOS Ventura 13.7.8. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
References

Wed, 26 Nov 2025 14:15:00 +0000

Type Values Removed Values Added
References
Metrics
Values Removed:
cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}
ssvc {'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}
Values Added:
cvssV3_1 {'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}
ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 04 Nov 2025 22:30:00 +0000

Type Values Removed Values Added
References

Tue, 04 Nov 2025 16:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Mon, 03 Nov 2025 19:30:00 +0000

Type Values Removed Values Added
References

Tue, 21 Oct 2025 23:15:00 +0000


Tue, 21 Oct 2025 20:30:00 +0000


Tue, 21 Oct 2025 19:30:00 +0000


Tue, 16 Sep 2025 15:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*

Mon, 15 Sep 2025 23:30:00 +0000


Mon, 15 Sep 2025 22:45:00 +0000

Type Values Removed Values Added
Description
Values Removed: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.8, macOS Ventura 13.7.8, iPadOS 17.7.10, macOS Sequoia 15.6.1, iOS 18.6.2 and iPadOS 18.6.2. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
Values Added: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
References

Tue, 26 Aug 2025 05:30:00 +0000

Type Values Removed Values Added
References

Fri, 22 Aug 2025 19:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple iphone Os
CPEs cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
Vendors & Products Apple iphone Os

Thu, 21 Aug 2025 17:45:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2025-08-21T00:00:00+00:00', 'dueDate': '2025-09-11T00:00:00+00:00'}


Thu, 21 Aug 2025 13:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 21 Aug 2025 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Apple
Apple ios
Apple ipados
Apple macos
Apple macos Sequoia
Apple macos Sonoma
Apple macos Ventura
Vendors & Products Apple
Apple ios
Apple ipados
Apple macos
Apple macos Sequoia
Apple macos Sonoma
Apple macos Ventura

Thu, 21 Aug 2025 00:45:00 +0000

Type Values Removed Values Added
Description An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sonoma 14.7.8, macOS Ventura 13.7.8, iPadOS 17.7.10, macOS Sequoia 15.6.1, iOS 18.6.2 and iPadOS 18.6.2. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
References

MITRE

Status: PUBLISHED

Assigner: apple

Published:

Updated: 2026-04-02T18:17:25.587Z

Reserved: 2025-04-16T15:24:37.104Z

Link: CVE-2025-43300

Vulnrichment

Updated: 2025-11-04T22:06:35.976Z

NVD

Status: Analyzed

Published: 2025-08-21T01:15:36.243

Modified: 2026-06-17T09:23:42.063

Link: CVE-2025-43300

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T14:00:16Z

Weaknesses