Apple has released new security updates for older iPhones and iPads to patch a zero-day vulnerability that was actively exploited in highly targeted attacks.
The flaw, tracked as CVE-2025-43300, affects the Image I/O framework, which handles image file formats on Apple devices.
The bug, an out-of-bounds write issue, could let attackers craft malicious image files that cause memory corruption, crashes, or even remote code execution. Apple confirmed that the flaw was exploited in “extremely sophisticated” attacks against specific individuals.
The fix comes through updates to iOS 15.8.5 / 16.7.12 and iPadOS 15.8.5 / 16.7.12, bringing older devices in line with patches released last month for iOS 18, iPadOS 18/17, and macOS Ventura, Sonoma, and Sequoia.
Impacted devices include:
- iPhone 6s, 7, SE (1st gen), 8, 8 Plus, and X
- iPad Air 2, iPad mini 4, iPad 5th gen, iPad Pro 9.7-inch, iPad Pro 12.9-inch (1st gen)
- iPod touch (7th gen)
The flaw was reportedly chained with a WhatsApp zero-click vulnerability (CVE-2025-55177) in a spyware campaign. Amnesty International’s Security Lab said WhatsApp notified some users that they were targeted. Samsung also patched a related Android vulnerability last week.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
This marks the sixth zero-day exploited against Apple devices in 2025, following similar fixes in January, February, March, and April. Apple advises all users of older devices to install the latest updates immediately.
