Apple: Security gap in various operating systems is under attack

Vulnerabilities in various Apple operating systems are already under attack. The company is plugging them with updates.


There is a gaping security hole in various Apple operating systems – and attackers are already exploiting it in the wild. The manufacturer is providing updated operating system versions that patch the vulnerability. Users should ensure that they are installed.

According to Apple, the newly attacked vulnerability affects Messages. “A logic error may occur when processing maliciously crafted photos or videos shared via an iCloud link,” the developers write (CVE-2025-43200 / EUVD-2025-18428, CVSS pending, risk rating currently missing). They go on to explain: “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against certain targets.” Apple fixes the problem with improved checks in the updated operating systems.

The vulnerability entry is from Monday of this week. However, Apple already updated or published new security notifications for the various operating systems and versions on Thursday last week.


Another security vulnerability that is mentioned in some of the security update notifications and has already been abused in attacks concerns the Accessibility component. It involves the USB connection of locked devices: attackers were able to bypass USB Restricted Mode. The abuse of this vulnerability was already known in February (CVE-2025-24200 / EUVD-2025-3671, CVSS 6.1, risk “medium”).

The following operating system versions close the newly disclosed vulnerability that has been attacked online

The US IT security authority CISA has already added the vulnerability to its catalog of exploited vulnerabilities (Known Exploited Vulnerabilities Catalog, KEV).

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.