Overview
- Apple released iOS/iPadOS 16.7.12 and 15.8.5 to patch CVE-2025-43300 on legacy devices including iPhone 6s through iPhone X, first‑gen iPhone SE, older iPads, and iPod touch 7.
- CVE-2025-43300 is an out‑of‑bounds write in Image I/O: processing a malicious image can corrupt memory and enable remote code execution.
- Apple said the vulnerability was reported as exploited in extremely sophisticated attacks against specific targeted individuals.
- WhatsApp previously fixed CVE-2025-55177 in its iOS and macOS clients; that flaw was chained with the Apple bug in highly targeted spyware operations, and fewer than 200 users were notified, according to reports.
- The backports ship alongside broader OS releases addressing additional CVEs across iOS, iPadOS, macOS, watchOS, tvOS, visionOS, Safari, and Xcode, with no evidence those other flaws have been used in real‑world attacks.