# In-the-wild exploit code for CVE-2025-43300
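- CVE-2025-43300 is an out-of-bounds write zero-day vulnerability in the Image I/O framework of Apple iOS, iPadOS and macOS. The basic principle is that an attacker constructs a specially crafted malicious image file; when the target device is induced to process that image, an out-of-bounds write is triggered, causing memory corruption. This memory corruption can be exploited to execute arbitrary code and achieve remote code execution (RCE), meaning the attacker can execute arbitrary commands with high privileges on the affected device.
- The vulnerability stems from insufficiently strict bounds checking when Apple devices process image files. With a carefully designed image, an attacker writes out of bounds into sensitive regions of memory and then implants malicious code. There are already reports of highly sophisticated attacks against specific individuals, which means attackers may be using this vulnerability to implant spyware or carry out targeted attacks.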
## Attack PoC
- Private ()
## References
- https://www.theregister.com/2025/08/21/apple_imageio_exploit/
- https://www.securityweek.com/apple-patches-zero-day-exploited-in-targeted-attacks/
- https://www.malwarebytes.com/blog/news/2025/08/all-apple-users-should-update-after-company-patches-zero-day-vulnerability-in-all-platforms
- https://www.cisa.gov/news-events/alerts/2025/08/21/cisa-adds-one-known-exploited-vulnerability-catalog
- https://thehackernews.com/2025/08/apple-patches-cve-2025-43300-zero-day.html
- https://cyberscoop.com/apple-zero-day-ios-macos-ipados-august-2025/
- https://www.helpnetsecurity.com/2025/08/20/apple-zero-day-vulnerability-exploited-in-extremely-sophisticated-attack-cve-2025-43300/
- https://www.bleepingcomputer.com/news/apple/apple-emergency-updates-fix-new-actively-exploited-zero-day/