![\"Apple\"](\"https:\/\/www.newsbeep.com\/us\/wp-content\/uploads\/2025\/09\/apple_triangle.jpg\")
<\/p>\n<\/p>\n
\u200bApple has released security updates to backport patches released last month to older iPhones and iPads, addressing a zero-day bug that was exploited in “extremely sophisticated” attacks.<\/p>\n
This security flaw is the same one Apple has patched<\/a> for devices running iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, and macOS (Sequoia 15.6.1, Sonoma 14.7.8, and Ventura 13.7.8) on August 20.<\/p>\n Tracked as CVE-2025-43300<\/a>, this vulnerability was discovered by Apple security researchers and is caused by an out-of-bounds write weakness <\/a>in the Image I\/O framework, which enables apps to read and write image file formats.<\/p>\n An out-of-bounds write occurs when attackers supply maliciously crafted input to a program that causes it to write data outside the allocated memory buffer, potentially triggering crashes, corrupting data, or even allowing remote code execution.<\/p>\n Apple has now addressed this zero-day flaw in iOS 15.8.5 \/ 16.7.12, as well as iPadOS 15.8.5 \/ 16.7.12, with improved bounds checks.<\/p>\n “Processing a malicious image file may result in memory corruption. An out-of-bounds write issue was addressed with improved bounds checking,” the company said in Monday<\/a> advisories<\/a>.<\/p>\n “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”<\/p>\n The list of devices impacted by this vulnerability is quite extensive, with the bug affecting a wide range of older models, including:<\/p>\n iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPhone 8, iPhone 8 Plus, and iPhone X,
In late August, WhatsApp patched a zero-click vulnerability<\/a> (CVE-2025-55177) in its iOS and macOS messaging clients, which was chained with Apple’s CVE-2025-43300 zero-day in targeted attacks that the company described as “extremely sophisticated.”<\/p>\n While Apple and WhatsApp have yet to release any details regarding the attacks chaining the two vulnerabilities, Donncha \u00d3 Cearbhaill, the head of Amnesty International’s Security Lab, said<\/a> that WhatsApp warned some of its users that their devices were targeted in an advanced spyware campaign.<\/p>\n Last week, Samsung also patched a remote code execution vulnerability<\/a> chained with the CVE-2025-55177 WhatsApp flaw in zero-day attacks targeting its Android devices.<\/p>\n With this vulnerability, Apple fixed six zero-days that were exploited in the wild in 2025: the first in January<\/a> (CVE-2025-24085), the second in February<\/a> (CVE-2025-24200), a third in March<\/a> (CVE-2025-24201), and two more in April<\/a>(CVE-2025-31200 and CVE-2025-31201).<\/p>\n
\n\tiPad Air 2, iPad mini (4th generation), iPad 5th generation, iPad Pro 9.7-inch, iPad Pro 12.9-inch 1st generation, and iPod touch (7th generation)
<\/p>\n
![\"Picus](\"https:\/\/www.newsbeep.com\/us\/wp-content\/uploads\/2025\/08\/blue-report-2025.jpg\")