Apple’s advisory, issued midweek, did not disclose specifics about the threat actors or how many users were affected, but confirmed the exploit was actively leveraged. Security researchers highlight that the attack employs “zero-click” methods, similar to those used in high-profile spyware campaigns, which silently compromise devices through crafted files or messages, requiring no user action.
The company responded by rolling out fixes across its entire ecosystem. Updates are now live in iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, macOS Ventura 13.7.8, and macOS Sonoma 14.7.8. Affected hardware includes the iPhone XS and later models, multiple generations of iPad Pro, iPad Air, and iPad mini, as well as Macs running the current desktop operating systems. Apple says the patch strengthens memory checks to prevent the flaw from being abused.
This is not an isolated incident. CVE-2025-43300 marks the sixth zero-day Apple has had to patch this year, following a string of urgent fixes in January, February, March, and April. The frequency highlights the scale of scrutiny Apple’s platforms face from well-resourced attackers, including those suspected of operating on behalf of governments.
While the company insists the bug is being used in very narrow campaigns, security professionals urge users not to delay. Installing the latest updates immediately is the most reliable way to eliminate the risk of compromise. In an era where spyware can slip in silently through a single photo, keeping devices patched has become less of a technical chore and more of a frontline defense.