CVE-2025-43200

Warning

Media report

EPSS 0.14%
Published 16.06.2025 21:36:25
Last modified 17.06.2025 15:52:31
Source product-security@apple.com
Teams watchlist Login
Open Login

This issue was addressed with improved checks. This issue is fixed in watchOS 11.3.1, macOS Ventura 13.7.4, iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iPadOS 17.7.5, visionOS 2.3.1, macOS Sequoia 15.3.1, iOS 18.3.1 and iPadOS 18.3.1, macOS Sonoma 14.7.4. A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

Affected products Warnungen 1 Metrics 2 CWE 0 References 15

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Apple ≫ iPadOS Version < 15.8.4

Apple ≫ iPadOS Version >= 16.0 < 16.7.11

Apple ≫ iPadOS Version >= 17.0 < 17.7.5

Apple ≫ iPadOS Version >= 18.0 < 18.3.1

Apple ≫ iPhone OS Version < 15.8.4

Apple ≫ iPhone OS Version >= 16.0 <= 16.7.11

Apple ≫ iPhone OS Version >= 17.0 <= 18.3.1

Apple ≫ macOS Version < 13.7.4

Apple ≫ macOS Version >= 14.0 < 14.7.4

Apple ≫ macOS Version >= 15.0 < 15.3.1

Apple ≫ visionOS Version < 2.3.1

Apple ≫ watchOS Version < 11.3.1

16.06.2025: CISA Known Exploited Vulnerabilities (KEV) Catalog

Apple Multiple Products Unspecified Vulnerability

Vulnerability

Apple iOS, iPadOS, macOS, watchOS, and visionOS, contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud Link.

Description

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Required actions