September 9, 2025

CVE-2025-43300 in iOS

A vulnerable iPhone with malicious images on h

Lookout Coverage and Recommendation for Admins

Updating to a fixed OS version is the only complete remediation. Until a device is updated, users should avoid opening image files from unknown or unsolicited sources, especially on older OS versions, keeping in mind that many apps render images without any user action. Lookout admins should take the following steps in their Lookout console:

  • Set the default OS Out of Date policy to enforce a minimum iOS version of 18.6.2 on all devices (older iPad models that cannot run iPadOS 18 receive the fix in iPadOS 17.7.10, so account for that branch when setting the minimum).
  • Choose whether to immediately warn users or block non-compliant devices from accessing work apps and data until their OS is updated.
  • If your risk policies allow for a grace period, keep it short and configure the policy to escalate in severity (from warning to restricted access) over that period, in line with your organization's policies.

Overview 

CISA recently added CVE-2025-43300 to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is a zero-day in Apple’s Image I/O framework, which handles image file processing across iOS, iPadOS, and macOS. A specially crafted image can trigger an out-of-bounds write, leading to memory corruption and potentially enabling arbitrary code execution. Apple reports that the issue may have been exploited in an extremely sophisticated attack against specific targeted individuals. The issue was addressed with improved bounds checking and is fixed in iOS / iPadOS (current models) 18.6.2, iPadOS (older models) 17.7.10, and macOS Sequoia 15.6.1.

United States federal civilian agencies are required to have all vulnerable devices patched by September 11, 2025. While CISA’s requirement applies only to US government organizations, its KEV deadlines are a useful prioritization signal for enterprise organizations as well.

Lookout Analysis

Regardless of who builds software, it is rarely perfect. Apple has the advantage of building and maintaining both its hardware and its software, which reduces the number of variables that can lead to exploitable code. That does not make Apple devices impenetrable.

What is most concerning about this vulnerability is that it does not require the target to click anything. Because mobile devices typically process images automatically in apps such as Messages, Safari, or Mail, simply receiving or previewing a malicious image can open the door for an attacker without the user ever knowing it.

Without visibility into which devices across your mobile fleet are still on a vulnerable OS build, your organization and its data remain exposed to threats like this one. To close that gap, security teams should use mobile EDR to integrate mobile device and app vulnerability data into their SIEM, SOAR, or XDR solution, so that out-of-date devices can be identified, reported, and restricted automatically.
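The admin steps above amount to one check: compare each device's reported OS version against the fixed build for its platform and branch, then warn on or block whatever falls short. The script below is an added example written for this page; it is not Lookout code and does not use the Lookout console or API. It assumes an MDM or mobile EDR export with one row per device carrying `device_id`, `platform` and `os_version` fields (the rows shown are constructed, not real telemetry). It compares versions numerically rather than as strings, treats iPadOS as two supported branches so an older iPad on 17.7.10 is not flagged, and reports devices on a branch with no listed fix as needing review instead of silently passing them.

```python
"""Flag devices in a fleet inventory that are still exposed to CVE-2025-43300.

Added example for this guidance page; it is not Lookout code and does not use
the Lookout API. It assumes an MDM/EDR export with one row per device carrying
'device_id', 'platform' and 'os_version' fields (constructed sample below)."""

from typing import Dict, List, Tuple

Version = Tuple[int, ...]

# Fixed builds from Apple's advisory, as listed in the Overview. iPadOS has two
# supported branches, so a device is compared against the branch it is on.
FIXED_VERSIONS: Dict[str, List[Version]] = {
    "iOS": [(18, 6, 2)],
    "iPadOS": [(18, 6, 2), (17, 7, 10)],
    "macOS": [(15, 6, 1)],
}


def parse_version(raw: str) -> Version:
    """'18.6.10 (build)' -> (18, 6, 10). Numeric tuples compare correctly
    (18.6.10 > 18.6.2), which a plain string comparison gets wrong."""
    return tuple(int(p) for p in raw.strip().split()[0].split("."))


def assess(platform: str, os_version: str) -> str:
    """Classify one device: 'patched', 'vulnerable', 'unlisted' or 'unparseable'.

    'unlisted' means the advisory text lists no fixed build for that platform or
    branch (e.g. iPadOS 16.x, or a non-Apple platform), so the device needs a
    manual review rather than a silent pass."""
    fixed = FIXED_VERSIONS.get(platform)
    if fixed is None:
        return "unlisted"
    try:
        ver = parse_version(os_version)
    except (ValueError, IndexError):
        return "unparseable"
    # Assumption: any release at or beyond the newest fixed build carries the fix.
    if ver >= max(fixed):
        return "patched"
    for fixed_ver in fixed:
        if ver[0] == fixed_ver[0]:  # same major release branch
            return "patched" if ver >= fixed_ver else "vulnerable"
    return "unlisted"


# Constructed sample export rows, not real telemetry.
INVENTORY: List[Dict[str, str]] = [
    {"device_id": "iphone-001", "platform": "iOS", "os_version": "18.6.2"},
    {"device_id": "iphone-002", "platform": "iOS", "os_version": "18.6.1"},
    {"device_id": "iphone-003", "platform": "iOS", "os_version": "18.6"},
    {"device_id": "ipad-001", "platform": "iPadOS", "os_version": "17.7.10"},
    {"device_id": "ipad-002", "platform": "iPadOS", "os_version": "17.7.9"},
    {"device_id": "ipad-003", "platform": "iPadOS", "os_version": "16.7.11"},
    {"device_id": "mac-001", "platform": "macOS", "os_version": "15.6.1 (24G000)"},
    {"device_id": "mac-002", "platform": "macOS", "os_version": "15.6"},
    {"device_id": "android-001", "platform": "Android", "os_version": "15"},
]


def find_exposed(rows: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return every row that is not confirmed patched, annotated with its
    status, ready to forward to a SIEM or to drive a warn/block decision."""
    exposed = []
    for row in rows:
        status = assess(row["platform"], row["os_version"])
        if status != "patched":
            exposed.append({**row, "status": status})
    return exposed


if __name__ == "__main__":
    for dev in find_exposed(INVENTORY):
        print(f'{dev["device_id"]:12} {dev["platform"]:8} '
              f'{dev["os_version"]:16} {dev["status"]}')
```

Note the branch handling: a flat "minimum 18.6.2" rule would also flag every older iPad that can only reach iPadOS 17.7.10, producing false positives and user friction, while a string comparison would wrongly pass "18.6" and wrongly fail a future "18.6.10". Devices reported as `unlisted` or `unparseable` should be reviewed rather than assumed safe.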

Authors

Lookout

Endpoint Security
Platform(s) Affected
iOS
Threat Type
Vulnerability
Entry Type
Threat Guidances