Apple has rolled out urgent security updates to fix yet another zero-day vulnerability that hackers have been actively exploiting in what the company calls an "extremely sophisticated attack."
The flaw, tracked as CVE-2025-43300, stems from an out-of-bounds write vulnerability within the Image I/O framework—a core component that allows apps to handle various image file formats.
Such vulnerabilities occur when malicious input forces a program to write data beyond allocated memory limits. This can trigger crashes, corrupt files, or, in severe cases, enable remote code execution.
"Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals," the company stated in its security advisory published Wednesday.
The company explained: "An out-of-bounds write issue was addressed with improved bounds checking. Processing a malicious image file may result in memory corruption."
To mitigate the flaw, Apple has released patches in the following updates: iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, and macOS Ventura 13.7.8.
Devices Impacted by the Zero-Day Vulnerability
This zero-day affects a broad range of both old and new Apple devices, including:
- iPhone XS and later
- iPad models: iPad Pro 13-inch, iPad Pro 12.9-inch (3rd gen+), iPad Pro 11-inch (1st gen+), iPad Air (3rd gen+), iPad 7th gen+, iPad mini (5th gen+), iPad Pro 12.9-inch (2nd gen), iPad Pro 10.5-inch, and iPad 6th gen
- Macs running macOS Sequoia, Sonoma, and Ventura
While Apple has not disclosed which threat actors are behind the attacks, nor detailed how the exploit was carried out, it strongly urges all users to install the updates immediately to reduce the risk of compromise.
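One way to check a device inventory against the fixed versions listed above, as an added example that is not part of the original article or Apple's advisory. The device names and inventory rows are constructed. Versions are compared numerically within each major release, because a plain string comparison would rank 17.7.9 above 17.7.10.

```python
# Added example: fixed versions are copied from the article; inventory is constructed.
FIXED = {
    "iOS": ["18.6.2"],
    "iPadOS": ["18.6.2", "17.7.10"],
    "macOS": ["15.6.1", "14.7.8", "13.7.8"],
}

def parse(version):
    """Turn '18.6' into (18, 6, 0) so comparison is numeric, not lexical."""
    parts = [int(p) for p in version.strip().split(".")]
    if not 1 <= len(parts) <= 3:
        raise ValueError(f"unexpected version string: {version!r}")
    return tuple(parts + [0] * (3 - len(parts)))

def status(platform, version):
    """Return 'patched', 'needs-update' or 'no-fix-listed' for one device."""
    have = parse(version)
    for fixed in FIXED.get(platform, []):
        want = parse(fixed)
        if want[0] == have[0]:  # compare only within the same major release
            return "patched" if have >= want else "needs-update"
    # Release not named in the article (older, newer, or another platform):
    # flag it for manual review rather than guessing.
    return "no-fix-listed"

def triage(inventory):
    """Group device names by status."""
    report = {"patched": [], "needs-update": [], "no-fix-listed": []}
    for name, platform, version in inventory:
        report[status(platform, version)].append(name)
    return report

# Constructed sample inventory (hypothetical device names and versions).
INVENTORY = [
    ("mac-01", "macOS", "15.6.1"),
    ("mac-02", "macOS", "14.7.7"),
    ("mac-03", "macOS", "13.7.10"),
    ("mac-04", "macOS", "12.7.6"),
    ("ipad-01", "iPadOS", "17.7.9"),
    ("ipad-02", "iPadOS", "18.6.2"),
    ("phone-01", "iOS", "18.6"),
    ("phone-02", "iOS", "17.7.2"),
]

if __name__ == "__main__":
    for state, names in triage(INVENTORY).items():
        print(f"{state}: {', '.join(names) or '-'}")
```

Devices reported as no-fix-listed run a release for which the article names no patched version, so they need a manual check against Apple's advisory.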
This marks the sixth zero-day Apple has patched in 2025, with earlier fixes addressing flaws in January (CVE-2025-24085), February (CVE-2025-24200), March (CVE-2025-24201), and two in April (CVE-2025-31200, CVE-2025-31201).
For comparison, in 2024 Apple resolved six other zero-days exploited in active attacks, spread across January, March, May, and November.