Full Report
Apple has released security updates to backport patches released last month to older iPhones and iPads, addressing a zero-day bug that was exploited in "extremely sophisticated" attacks. [...]
Analysis Summary
# Vulnerability: Out-of-Bounds Write in Apple Image I/O Framework (Backported Zero-Day)
## CVE Details
- CVE ID: CVE-2025-43300
- CVSS Score: Not explicitly provided, but described as part of an "extremely sophisticated attack" against targeted individuals.
- CWE: CWE-787 (Out-of-bounds Write)
## Affected Systems
- Products: iOS, iPadOS
- Versions:
  - Already fixed in the original releases: iOS 18.6.2, iPadOS 18.6.2, iPadOS 17.7.10, and macOS (Sequoia 15.6.1, Sonoma 14.7.8, and Ventura 13.7.8).
  - Backported patch for older systems:
    - iOS 15.8.5 / iPadOS 15.8.5
    - iOS 16.7.12 / iPadOS 16.7.12
- Configurations: Any configuration capable of processing a malicious image file via the Image I/O framework.
  - Specifically impacted older hardware models include: iPhone 6s series, iPhone 7 series, iPhone SE (1st gen), iPhone 8/8 Plus, iPhone X, iPad Air 2, iPad mini (4th gen), iPad 5th gen, iPad Pro 9.7-inch, iPad Pro 12.9-inch (1st gen), and iPod touch (7th generation).
## Vulnerability Description
The vulnerability is an **Out-of-bounds write** weakness within the **Image I/O framework**, which is responsible for reading and writing image file formats on Apple devices. An attacker can exploit this by supplying a maliciously crafted image file to the system. This flaw allows the attacker to write data outside the allocated memory buffer, leading to memory corruption, potential data corruption, or possible remote code execution (RCE).
## Exploitation
- Status: **Exploited in the wild** (Used in an "extremely sophisticated attack" against specific targeted individuals).
- Complexity: High (Implied by the description of the attack chain).
- Attack Vector: Network (Likely via sending the malicious image file to an application capable of processing it, possibly chained with another vulnerability, such as CVE-2025-55177 in WhatsApp).
## Impact
- Confidentiality: Potential (Depending on RCE)
- Integrity: High (Memory corruption, data corruption)
- Availability: High (Potential for denial of service or system compromise)
## Remediation
### Patches
Apple has released backported patches to address the zero-day flaw:
- **iOS 15.8.5**
- **iPadOS 15.8.5**
- **iOS 16.7.12**
- **iPadOS 16.7.12**
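
To find devices still below these fixed versions, the following added example (not from Apple or the source article) checks a device inventory against the versions listed in this report. The CSV layout, device names, and function names are assumptions made for illustration; branches this report does not list are reported as `unknown` rather than guessed.

```python
import csv
import io

# Fixed versions for CVE-2025-43300 as listed in this report, keyed by (OS, major).
FIXED = {
    ("iOS", 15): (15, 8, 5), ("iPadOS", 15): (15, 8, 5),
    ("iOS", 16): (16, 7, 12), ("iPadOS", 16): (16, 7, 12),
    ("iPadOS", 17): (17, 7, 10),
    ("iOS", 18): (18, 6, 2), ("iPadOS", 18): (18, 6, 2),
    ("macOS", 13): (13, 7, 8), ("macOS", 14): (14, 7, 8), ("macOS", 15): (15, 6, 1),
}

def parse_version(text):
    """Turn '16.7' into (16, 7, 0) so tuples compare numerically, not as strings."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(os_name, version):
    """Return 'patched', 'vulnerable', or 'unknown' for one device."""
    try:
        v = parse_version(version)
    except ValueError:
        return "unknown"  # empty or malformed version string
    fixed = FIXED.get((os_name.strip(), v[0]))
    if fixed is None:
        return "unknown"  # branch not covered by this report; check the vendor advisory
    return "patched" if v >= fixed else "vulnerable"

def audit(inventory_csv):
    """Classify every row of a CSV with columns device, os, version."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return [(r["device"], classify(r["os"], r["version"])) for r in rows]

# Constructed sample inventory (hypothetical export format, not real devices).
SAMPLE = """device,os,version
phone-01,iOS,15.8.4
phone-02,iOS,16.7.12
pad-01,iPadOS,17.7.9
pad-02,iPadOS,18.6.2
phone-03,iOS,17.6
phone-04,iOS,16.7
"""

if __name__ == "__main__":
    for device, status in audit(SAMPLE):
        print(f"{device}: {status}")
```

Comparing parsed tuples avoids the string-comparison mistake where `16.7.2` would sort above `16.7.12`.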
### Workarounds
No specific workarounds were detailed in the source, but applying the available security updates is the definitive fix. Users are advised to **immediately update** their devices to the patched versions.
## Detection
- Indicators of compromise: Mention of being targeted by an advanced spyware campaign (in conjunction with the WhatsApp vulnerability CVE-2025-55177).
- Detection methods and tools: The source does not specify IoCs. Pending threat intelligence updates, monitoring for unusual process behavior following image file processing is recommended on older systems running on the listed hardware models.
## References
- Vendor Advisories: [support dot apple dot com/en-us/125142], [support dot apple dot com/en-us/125141]
- Relevant links: bleepingcomputer dot com/news/security/apple-backports-zero-day-patches-to-older-iphones-and-ipads/