CVE-2025-43300 — Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability

Apple ImageIO — Zero-Click Out-of-Bounds Write in Image Parsing; Chained in WhatsApp Spyware Attack

What is Apple ImageIO?

Apple ImageIO (the Image I/O framework) is the system-level image parsing library present on every Apple platform: iOS, iPadOS, macOS, tvOS, and watchOS. It decodes dozens of formats, including JPEG, PNG, HEIC, TIFF and DNG, and hands RAW camera formats to the private RawCamera bundle it loads. Because the OS and virtually every app that displays images (Messages, Mail, Photos, Safari, WhatsApp, and more) route decoding through ImageIO, a memory corruption bug there can be triggered simply by the victim receiving or previewing a malicious image, with no interaction required (zero-click). That makes ImageIO bugs a prime target for mercenary spyware operators building zero-click exploit chains.

Overview

CVE-2025-43300 is a maximum-severity out-of-bounds write vulnerability (CWE-787, CVSS 10.0) in Apple's ImageIO framework. A crafted DNG/JPEG-lossless image where TIFF SamplesPerPixel metadata disagrees with the JPEG SOF3 component count causes the parser to miscalculate buffer boundaries, resulting in heap memory corruption. Exploitation requires no user interaction — the victim's device processes the malicious image automatically upon receipt (zero-click). Apple confirmed the vulnerability was used in "an extremely sophisticated attack against specific targeted individuals." WhatsApp subsequently confirmed the bug was chained with a companion zero-click flaw (CVE-2025-55177) in targeted mercenary spyware attacks affecting fewer than 200 individuals.

Affected Versions

Platform Vulnerable Fixed
iOS / iPadOS 18.x Prior to 18.6.2 iOS/iPadOS 18.6.2
iPadOS 17.x Prior to 17.7.10 iPadOS 17.7.10
iOS 16.x / iPadOS 16.x Prior to 16.7.12 iOS/iPadOS 16.7.12 (backport)
iOS 15.x / iPadOS 15.x Prior to 15.8.5 iOS/iPadOS 15.8.5 (backport)
macOS Sequoia 15.x Prior to 15.6.1 macOS Sequoia 15.6.1
macOS Sonoma 14.x Prior to 14.7.8 macOS Sonoma 14.7.8
macOS Ventura 13.x Prior to 13.7.8 macOS Ventura 13.7.8

Technical Details

The vulnerability (CWE-787: Out-of-Bounds Write) is in the DNG/JPEG-lossless decoding path ImageIO uses for RAW images. A DNG stores its raw sample data as a lossless JPEG stream inside a TIFF container, so the same quantity, the number of components per pixel, is encoded twice: once as the TIFF SamplesPerPixel tag and once as the component count in the JPEG SOF3 (Start of Frame, lossless) marker. In a valid image the two agree; the malicious image deliberately mismatches them. The decoder sizes its output buffer from one value but writes decoded samples according to the other, so when the count driving the writes exceeds the count used for the allocation, each decoded row runs past the end of the buffer.

This heap out-of-bounds write corrupts adjacent memory with attacker-controlled sample data, which an exploit chain can turn into control over program execution. The fix adds a check that the TIFF and SOF3 component counts agree and aborts decoding when they do not.

The attack is zero-click: since ImageIO processes images automatically when received via Messages, Mail, WhatsApp, or other messaging apps, the victim's device processes the malicious image upon receipt without any tap or interaction.
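The following is an added example, not Apple's code or anything from the Quarkslab analysis: a simplified model of the bug class. It parses SamplesPerPixel out of a TIFF IFD and the component count Nf out of a JPEG SOF3 marker from a constructed byte string, computes how far a decoder that sizes from one value and writes from the other would run past its buffer, and shows the precondition the fix adds. The sample bytes, the 2x2 image size, the assumption of one byte per sample, and the simplification that the JPEG stream is appended directly after the IFD (a real DNG reaches it through StripOffsets/TileOffsets) are all assumptions of this example.

```c
/* Added example (not Apple's code): model of the TIFF SamplesPerPixel vs.
 * JPEG SOF3 component-count mismatch behind CVE-2025-43300.
 * Sample bytes and layout are constructed here, not taken from a real DNG. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TIFF_TAG_SAMPLES_PER_PIXEL 277   /* 0x0115 */
#define TIFF_TYPE_SHORT 3
#define JPEG_MARKER_SOF3 0xC3            /* Start of Frame, lossless (Huffman) */

/* Little-endian readers: the constructed TIFF uses the "II" byte order. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Walk the first IFD; return SamplesPerPixel, or -1 if absent or malformed. */
int tiff_samples_per_pixel(const uint8_t *buf, size_t len) {
    if (len < 8 || memcmp(buf, "II*\0", 4) != 0) return -1;
    uint32_t ifd = rd32(buf + 4);
    if (ifd + 2 > len) return -1;
    uint16_t n = rd16(buf + ifd);
    for (uint16_t i = 0; i < n; i++) {
        size_t e = ifd + 2 + (size_t)i * 12;          /* 12-byte IFD entries */
        if (e + 12 > len) return -1;
        if (rd16(buf + e) == TIFF_TAG_SAMPLES_PER_PIXEL && rd16(buf + e + 2) == TIFF_TYPE_SHORT)
            return rd16(buf + e + 8);                 /* count 1: value stored inline */
    }
    return -1;
}

typedef struct { int nf, width, height; } sof3_t;

/* Find the SOF3 segment; layout after the marker is Lf(2) P(1) Y(2) X(2) Nf(1). */
int jpeg_parse_sof3(const uint8_t *buf, size_t len, sof3_t *out) {
    for (size_t i = 0; i + 10 <= len; i++) {
        if (buf[i] != 0xFF || buf[i + 1] != JPEG_MARKER_SOF3) continue;
        uint16_t seglen = (uint16_t)((buf[i + 2] << 8) | buf[i + 3]);   /* big-endian */
        if (seglen < 8 || i + 2 + seglen > len) return -1;
        out->height = (buf[i + 5] << 8) | buf[i + 6];
        out->width  = (buf[i + 7] << 8) | buf[i + 8];
        out->nf     = buf[i + 9];
        return 0;
    }
    return -1;
}

/* Vulnerable sizing: buffer allocated from the TIFF tag, rows written per SOF3.
 * Returns how many bytes the decoder would write past the allocation (0 = in bounds). */
size_t vulnerable_overflow_bytes(const uint8_t *buf, size_t len) {
    sof3_t f; int spp = tiff_samples_per_pixel(buf, len);
    if (spp < 1 || jpeg_parse_sof3(buf, len, &f) != 0) return 0;
    size_t alloc   = (size_t)f.width * f.height * spp;    /* sized from SamplesPerPixel */
    size_t written = (size_t)f.width * f.height * f.nf;   /* written per SOF3 Nf */
    return written > alloc ? written - alloc : 0;
}

/* Hardened: the check the fix adds, applied before anything is allocated. */
int hardened_check(const uint8_t *buf, size_t len) {
    sof3_t f; int spp = tiff_samples_per_pixel(buf, len);
    if (spp < 1 || jpeg_parse_sof3(buf, len, &f) != 0) return -1;
    return spp == f.nf ? 0 : -1;                           /* counts must agree */
}

/* Constructed sample: LE TIFF header, one-entry IFD, then SOI + SOF3 for a 2x2 image. */
size_t build_sample(uint8_t *out, uint16_t tiff_spp, uint8_t sof3_nf) {
    static const uint8_t hdr[8] = {'I', 'I', 42, 0, 8, 0, 0, 0};      /* IFD at offset 8 */
    size_t n = 8; memcpy(out, hdr, 8);
    out[n++] = 1; out[n++] = 0;                                       /* one entry */
    uint8_t ent[12] = {0x15, 0x01, 3, 0, 1, 0, 0, 0, 0, 0, 0, 0};     /* tag 277, SHORT, count 1 */
    ent[8] = (uint8_t)tiff_spp; ent[9] = (uint8_t)(tiff_spp >> 8);
    memcpy(out + n, ent, 12); n += 12;
    memset(out + n, 0, 4); n += 4;                                    /* next IFD = none */
    uint8_t sof[12] = {0xFF, 0xD8, 0xFF, 0xC3, 0, 0, 8, 0, 2, 0, 2, sof3_nf};
    sof[5] = (uint8_t)(8 + 3 * sof3_nf);                              /* Lf = 8 + 3*Nf */
    memcpy(out + n, sof, 12); n += 12;
    for (int c = 0; c < sof3_nf; c++) { out[n++] = (uint8_t)(c + 1); out[n++] = 0x11; out[n++] = 0; }
    return n;
}

/* Convenience wrappers: build a sample for the given pair and report the figures. */
size_t overflow_for(uint16_t tiff_spp, uint8_t sof3_nf) {
    uint8_t b[1024]; size_t n = build_sample(b, tiff_spp, sof3_nf);
    return vulnerable_overflow_bytes(b, n);
}
int hardened_for(uint16_t tiff_spp, uint8_t sof3_nf) {
    uint8_t b[1024]; size_t n = build_sample(b, tiff_spp, sof3_nf);
    return hardened_check(b, n);
}

int main(void) {
    printf("benign  spp=1 nf=1: overflow=%zu bytes, check=%d\n", overflow_for(1, 1), hardened_for(1, 1));
    printf("crafted spp=1 nf=2: overflow=%zu bytes, check=%d\n", overflow_for(1, 2), hardened_for(1, 2));
    return 0;
}
```

With SamplesPerPixel = 1 and Nf = 2 on a 2x2 image the model allocates 4 samples and writes 8, a 4-byte overrun; the hardened check rejects that file before any allocation. The mirror case (a larger TIFF count than SOF3) merely over-allocates, but the fix still rejects it, because the two counts are required to agree rather than merely to be safe in one direction.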

Discovery

Discovered internally by Apple. No external researcher is credited in the advisory. Quarkslab subsequently published a detailed patch analysis.

Exploitation Context

Apple stated that CVE-2025-43300 "may have been exploited in an extremely sophisticated attack against specific targeted individuals", the language Apple has used for zero-click spyware campaigns. WhatsApp confirmed the vulnerability was chained with CVE-2025-55177 (a WhatsApp-specific zero-click flaw) in targeted attacks affecting fewer than 200 individuals. This attack profile is consistent with government-grade mercenary spyware (NSO Group Pegasus, Paragon Graphite, or similar) deployed against journalists, activists, diplomats, and government officials, although neither Apple nor WhatsApp attributed the campaign to a specific vendor. CISA added the CVE to the KEV catalog on the same day as Apple's patch (21 August 2025). KEV inclusion requires evidence of active exploitation and an available fix; it does not by itself say who was targeted, but it obliges federal civilian agencies to remediate by the listed deadline.

Remediation

  1. Update all Apple devices immediately to the fixed OS versions: iOS/iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, Sonoma 14.7.8, Ventura 13.7.8.
  2. For older hardware that cannot run iOS 17 or 18 (iPhone 8, iPhone X, older iPads): apply the backport updates iOS/iPadOS 16.7.12 or 15.8.5.
  3. Enable automatic updates (Settings → General → Software Update → Automatic Updates) so future zero-day patches are installed as soon as they ship.
  4. For high-risk individuals (journalists, activists, government officials, executives, attorneys, human rights workers): enable Apple Lockdown Mode (Settings → Privacy & Security → Lockdown Mode). Lockdown Mode restricts attachment handling, link previews and other message-borne attack surface, which raises the cost of zero-click delivery; it complements patching rather than replacing it.
  5. MDM-managed enterprise fleets: push the update via MDM and validate compliance. The 21-day CISA BOD 22-01 deadline (2025-09-11) formally binds federal civilian agencies, but it is a reasonable benchmark for any organization given confirmed in-the-wild exploitation.

Key Details

Property Value
CVE ID CVE-2025-43300
Vendor / Product Apple — iOS, iPadOS, and macOS
NVD Published 2025-08-21
NVD Last Modified 2026-04-03
CVSS 3.1 Score 10.0
CVSS 3.1 Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity CRITICAL
CWE CWE-787
CISA KEV Added 2025-08-21
CISA KEV Deadline 2025-09-11
Known Ransomware Use No

CVSS 3.1 Breakdown

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Required Action

CISA BOD 22-01 Deadline: 2025-09-11. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Timeline

Date Event
2025-08-21 Apple releases iOS/iPadOS 18.6.2, macOS Sequoia 15.6.1, Sonoma 14.7.8, Ventura 13.7.8, iPadOS 17.7.10, all patching this zero-day; CISA adds it to KEV the same day
2025-09-01 Apple releases backport patches iOS/iPadOS 16.7.12 and 15.8.5 for older hardware
2025-09-11 CISA BOD 22-01 remediation deadline
2025-09-15 WhatsApp confirms CVE-2025-43300 was chained with CVE-2025-55177 in a targeted spyware attack affecting fewer than 200 individuals