Apple Patches 0-Day Vulnerabilities in Older iPhones and iPads

Apple has released critical security updates for older iPhone and iPad models, addressing a zero-day vulnerability that has reportedly been exploited in sophisticated targeted attacks.

The iOS 16.7.12 and iPadOS 16.7.12 updates, released on September 15, 2025, patch a serious security flaw affecting legacy Apple devices.

Active Exploitation Confirmed

The vulnerability is tracked as CVE-2025-43300, and Apple has confirmed it is aware of reports that the flaw has been actively exploited.

The company specifically noted that the issue “may have been exploited in an extremely sophisticated attack against specific targeted individuals,” highlighting the precision and advanced nature of these attacks.

CVE: CVE-2025-43300
Component: ImageIO
Affected Products: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, iPad Pro 12.9-inch 1st generation

The vulnerability affects the ImageIO framework, a critical component responsible for reading and writing image data across Apple’s ecosystem.

When a malicious image file is processed, the flaw can trigger memory corruption, potentially allowing attackers to execute arbitrary code or gain unauthorized system access.

The security update specifically addresses vulnerabilities in several older Apple devices that remain widely used.

Affected iPhone models include the iPhone 8, iPhone 8 Plus, and iPhone X, while vulnerable iPad variants encompass the iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation.

These older devices, while no longer receiving regular feature updates, continue to receive critical security patches through Apple’s extended support program.

The company maintains security support for devices that cannot run the latest iOS versions, ensuring users of legacy hardware remain protected against emerging threats.

The underlying security issue stems from an out-of-bounds write vulnerability within the ImageIO framework.

This type of vulnerability occurs when software writes data outside the allocated memory boundaries, potentially overwriting adjacent memory regions and causing system instability or security breaches.

Apple has addressed the vulnerability through improved bounds checking mechanisms that prevent unauthorized memory access.

The fix ensures that image processing operations remain within designated memory boundaries, effectively neutralizing the attack vector that malicious actors were exploiting.
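
To illustrate the bug class and the kind of bounds check described above, here is an added example that is not Apple's code and does not reproduce the ImageIO flaw. The run-length format, the function names and the sample streams are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Toy format (constructed for this example): a stream of (count, value)
 * byte pairs that expands into a pixel buffer of out_len bytes. */

/* Unsafe: trusts each run length, so a stream whose runs add up to more
 * than out_len writes past the end of out (out-of-bounds write). */
int rle_decode_unchecked(const uint8_t *in, size_t in_len,
                         uint8_t *out, size_t out_len)
{
    size_t pos = 0;
    (void)out_len;                      /* never consulted: that is the bug */
    for (size_t i = 0; i + 1 < in_len; i += 2) {
        memset(out + pos, in[i + 1], in[i]);
        pos += in[i];
    }
    return 0;
}

/* Hardened: every run is checked against the space left before writing,
 * and truncated or short streams are rejected instead of accepted. */
int rle_decode_checked(const uint8_t *in, size_t in_len,
                       uint8_t *out, size_t out_len)
{
    size_t pos = 0;
    if (in_len % 2 != 0)
        return -1;                      /* dangling count byte */
    for (size_t i = 0; i < in_len; i += 2) {
        size_t run = in[i];
        if (run > out_len - pos)        /* pos <= out_len, so no underflow */
            return -1;                  /* run would overflow the buffer */
        memset(out + pos, in[i + 1], run);
        pos += run;
    }
    return pos == out_len ? 0 : -1;     /* image must be filled exactly */
}

/* Constructed inputs: a valid 4-byte image and a stream claiming 3 + 200. */
static const uint8_t good_stream[] = { 3, 0xAA, 1, 0xBB };
static const uint8_t bad_stream[]  = { 3, 0xAA, 200, 0xBB };

int main(void) {
    uint8_t px[4];   /* exit 0 when the oversized stream is rejected */
    return rle_decode_checked(bad_stream, sizeof bad_stream, px, sizeof px) == -1 ? 0 : 1;
}
```

The checked decoder compares each run against the remaining space with `run > out_len - pos` rather than `pos + run > out_len`, so the test itself cannot wrap around.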

Users of affected devices should immediately install the available security updates through the Settings app under General > Software Update.

The patches represent critical security fixes that protect against active exploitation attempts targeting these specific device models and firmware versions.


About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.