CVE-2025-43300 resides in RawCamera.bundle, a component responsible for handling Adobe’s DNG (Digital Negative) files, and enables zero-click arbitrary code execution when a maliciously crafted image is merely previewed.
Apple confirmed that the exploit has been observed in highly targeted attacks, underscoring its severity.
The vulnerability arises from a mismatch between the declared metadata in TIFF/DNG structures and the actual component count in JPEG Lossless streams, resulting in an out-of-bounds write condition.
At its core, the bug is an inconsistency between what the metadata declares and what the image data actually contains.
A malicious DNG file falsely declares two samples per pixel in its SamplesPerPixel tag while embedding JPEG Lossless data marked with only one component via its SOF3 (Start of Frame 3) marker.
When Apple’s decompression code attempts to reconcile this contradiction, it writes past allocated memory boundaries, precisely the kind of mistake that well-funded adversaries weaponize into reliable remote code execution (RCE) payloads.
The vulnerability is highly dangerous for three reasons:
| Platform / OS | Patched Version | Notes on Deployment |
|---|---|---|
| iOS / iPadOS 18 | 18.6.2 | Critical update for mobile devices |
| macOS Sequoia | 15.6.1 | Latest flagship macOS patch |
| macOS Sonoma | 14.7.8 | Security update for older Macs |
| macOS Ventura | 13.7.8 | Still maintained for enterprise users |
| iPadOS 17 | 17.7.10 | Extended update cycle |
Advisories urge administrators and individual users alike to patch immediately, given the exploit’s stealthy nature.
Patching remains the first line of defense.
Yet, the subtlety of CVE-2025-43300 necessitates additional safeguards, particularly in enterprise networks where delayed patching remains common.
Security researcher Matthieu Suiche, leveraging prior community analysis, released ELEGANT BOUNCER, an open-source Rust-based detection tool. The tool:
SamplesPerPixel = 2 but SOF3 component count = 1.
Enterprises are encouraged to deploy validation pipelines for untrusted DNG files and disable automatic previews in messaging and collaboration tools where feasible.
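The consistency check described above can be sketched as a pre-screening step for untrusted files; this is an added example, not code from the article or from the detection tool it mentions. The function names are hypothetical, only classic TIFF (not BigTIFF) is parsed, only the first strip or tile of each IFD is inspected, and `build_sample` constructs a minimal test input that is not a renderable DNG.

```python
import struct

COMPRESSION, STRIP_OFFSETS, SPP, TILE_OFFSETS, SUBIFDS = 259, 273, 277, 324, 330  # TIFF tags
FMT = {1: "B", 3: "H", 4: "I", 13: "I"}  # BYTE, SHORT, LONG, IFD field types

def sof3_components(buf, off):
    """Nf (component count) from the SOF3 header of the JPEG at off, else None."""
    p = off + 2 if buf[off:off + 2] == b"\xff\xd8" else len(buf)  # require SOI
    while p + 10 <= len(buf) and buf[p] == 0xFF and buf[p + 1] != 0xDA:  # stop at SOS
        if buf[p + 1] == 0xC3:  # SOF3 body: length, precision, height, width, Nf
            return buf[p + 9]
        p += 2 + max(2, struct.unpack_from(">H", buf, p + 2)[0])
    return None

def find_mismatches(buf):
    """Return (ifd_offset, SamplesPerPixel, SOF3 Nf) for each inconsistent IFD."""
    if len(buf) < 8 or buf[:2] not in (b"II", b"MM"):
        raise ValueError("not a TIFF/DNG container")
    e = "<" if buf[:2] == b"II" else ">"
    queue, seen, findings = [struct.unpack_from(e + "I", buf, 4)[0]], set(), []
    while queue:
        ifd = queue.pop()
        if ifd == 0 or ifd in seen or ifd + 2 > len(buf):
            continue
        seen.add(ifd)  # guards against IFD offset loops
        n = struct.unpack_from(e + "H", buf, ifd)[0]
        if ifd + 6 + 12 * n > len(buf):
            continue
        tags = {}
        for pos in range(ifd + 2, ifd + 2 + 12 * n, 12):
            tag, typ, count = struct.unpack_from(e + "HHI", buf, pos)
            size = struct.calcsize("<" + FMT.get(typ, "")) * count
            at = pos + 8 if size <= 4 else struct.unpack_from(e + "I", buf, pos + 8)[0]
            if size and at + size <= len(buf):  # never trust declared counts
                tags[tag] = struct.unpack_from(e + FMT[typ] * count, buf, at)
        queue += [struct.unpack_from(e + "I", buf, ifd + 2 + 12 * n)[0], *tags.get(SUBIFDS, ())]
        spp = tags.get(SPP, (1,))[0]  # TIFF default is 1
        data = tags.get(TILE_OFFSETS) or tags.get(STRIP_OFFSETS) or ()
        if tags.get(COMPRESSION, (1,))[0] == 7 and data:  # 7 = JPEG in TIFF/DNG
            nf = sof3_components(buf, data[0])  # first tile/strip only
            if nf is not None and nf != spp:
                findings.append((ifd, spp, nf))
    return findings

def build_sample(spp, nf):
    """Constructed input: one-IFD little-endian TIFF plus a header-only lossless JPEG."""
    jpeg = b"\xff\xd8\xff\xc3" + struct.pack(">HBHHB", 8 + 3 * nf, 16, 1, 1, nf) + b"\x01\x11\x00" * nf
    entries = ((COMPRESSION, 3, 7), (STRIP_OFFSETS, 4, 50), (SPP, 3, spp))
    ifd = b"".join(struct.pack("<HHII", t, typ, 1, v) for t, typ, v in entries)
    return b"II*\x00" + struct.pack("<IH", 8, 3) + ifd + struct.pack("<I", 0) + jpeg
```

A non-empty result from `find_mismatches` is a reason to quarantine the file before any previewer touches it; an empty result only means this one inconsistency was not found.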
Industry experts stress that CVE-2025-43300 is another reminder of how “complexity breeds insecurity.”
The convergence of multiple standards – TIFF, JPEG, and proprietary bundle implementations – opens unanticipated vulnerabilities even in mature ecosystems like Apple’s.
As with other zero-click vulnerabilities, the danger lies not only in its technical precision but in its ability to bypass user agency altogether.
For defenders, that means vigilance must go beyond reactive patching and toward layered defenses capable of anticipating the next elegant exploit hidden in something as ordinary as a photograph.
The post PoC Released for Apple 0-Day RCE Bug – Active Exploits Confirmed appeared first on Cyber Security News.