OneKey Founder: 0day vulnerability found in Apple devices, users are advised to upgrade their device systems to the latest version as soon as possible

ChainCatcher message, OneKey founder Yishi posted a warning on platform X, advising users to upgrade their iOS and macOS to the latest version as soon as possible. Apple has a high-risk 0-day vulnerability in the wild, which is not a PoC; it is being used to exploit CVE-2025-43300. The vulnerability works by sending a specially crafted image to the user, which can lead to out-of-bounds read and write of the user's device memory, potentially resulting in direct remote RCE. There are already reports of payloads being executed.

In the comments, a user used Grok for verification, and Grok replied: "CVE-2025-43300 is a real Apple zero-day vulnerability affecting iOS, iPadOS, and macOS. Processing malicious images can lead to out-of-bounds writes and potential remote code execution. Apple has confirmed reports of sophisticated attacks targeting specific individuals and released an update in August 2025 to fix it (e.g., iOS 18.6.2). Immediate updates are recommended. Source: Apple Support page, NVD, and security reports."