Apple has released iOS 16.7.12 and iPadOS 16.7.12 to address a critical out-of-bounds write vulnerability in the ImageIO component affecting older iPhone and iPad models.
The flaw, tracked as CVE-2025-43300, may have been exploited in targeted attacks, prompting Apple to deliver improved bounds checking to eliminate the risk.
Security Content and Affected Devices
Apple published its security updates for iOS 16.7.12 and iPadOS 16.7.12, covering devices no longer supported by iOS 17.
This release is part of Apple’s ongoing commitment to protect users by quietly investigating and resolving vulnerabilities before public disclosure.
The update applies to iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation.
Apple specifically highlights an ImageIO memory corruption issue that could lead to arbitrary code execution when processing a maliciously crafted image.
The out-of-bounds write vulnerability was discovered through Apple’s internal security testing and corroborated by external reports indicating possible exploitation in sophisticated, targeted campaigns.
Although details remain scarce, Apple confirms that the flaw may have already been used against specific individuals, underscoring the importance of applying the update immediately.
Users of older devices are advised to install iOS 16.7.12 or iPadOS 16.7.12 without delay to mitigate any lingering threat.
Details of CVE-2025-43300
Apple’s security documentation maintains a strict policy of refraining from disclosing vulnerability specifics until patches are available.
By referencing CVE identifiers, Apple enables security researchers and administrators to track issues across platforms.
This update addresses CVE-2025-43300 by implementing improved bounds checking within the ImageIO framework.
The improved bounds checking prevents memory corruption that could otherwise allow attackers to execute arbitrary code in the context of the kernel or of an application granted elevated privileges.
For comprehensive security details, Apple directs users to the Apple Security Releases page and the Apple Product Security portal.
The former provides a chronological list of security patches and associated CVE numbers, while the latter offers insight into Apple’s overall approach to vulnerability management, including responsible disclosure guidelines and coordination with third-party researchers.
Although older devices may not receive feature updates beyond iOS 16 and iPadOS 16, Apple continues to backport critical fixes for severe vulnerabilities.
Users still operating on these legacy platforms should connect to Wi-Fi, navigate to Settings > General > Software Update, and apply the corresponding patch.
Enterprise administrators managing fleets of older devices should integrate the new builds into their mobile device management workflows to ensure timely deployment.
Vigilance against phishing and suspicious attachments remains crucial, especially given that image-based exploits can be delivered through seemingly innocuous channels such as messaging apps or email.
By combining regular updates with cautious user behavior, the risk from advanced, targeted exploits can be minimized.
| CVE ID | Component | Affected Devices | Impact | Description |
|---|---|---|---|---|
| CVE-2025-43300 | ImageIO | iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th gen, iPad Pro 9.7″, iPad Pro 12.9″ 1st gen | Processing malicious image may result in memory corruption; suspected targeted exploitation | Out-of-bounds write addressed with improved bounds checking |
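
For administrators folding this release into an MDM workflow, the following added example (not Apple's or any MDM vendor's code) checks an inventory export against the affected models and the fixed release listed above. The CSV column names, the use of marketing names in the `model` column, and the sample serials are assumptions made for illustration.

```python
import csv
import io

# Fixed release and affected models, taken from the advisory text above.
FIXED = (16, 7, 12)
AFFECTED_MODELS = {
    "iPhone 8", "iPhone 8 Plus", "iPhone X",
    "iPad 5th generation", "iPad Pro 9.7-inch",
    "iPad Pro 12.9-inch 1st generation",
}

def parse_version(text):
    """Return a 3-tuple of ints, or None if the string is not a dotted version."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 3:
        return None
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))

def classify(model, os_version):
    """Classify one device against the 16.7.12 fix."""
    if model.strip() not in AFFECTED_MODELS:
        return "out_of_scope"      # not covered by this particular release
    version = parse_version(os_version)
    if version is None:
        return "unknown_version"   # unverified, so never counted as patched
    # Compare numerically: as strings, "16.7.9" sorts after "16.7.12".
    return "patched" if version >= FIXED else "needs_update"

def audit(csv_text):
    """Map serial -> status for every row of an inventory export."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {r["serial"]: classify(r["model"], r["os_version"]) for r in rows}

# Constructed sample export; serials and column names are made up.
SAMPLE = """serial,model,os_version
TEST0001,iPhone 8,16.7.12
TEST0002,iPhone X,16.7.9
TEST0003,iPad Pro 9.7-inch,16.7
TEST0004,iPad 5th generation,
TEST0005,iPhone 15,18.0
"""

if __name__ == "__main__":
    for serial, status in audit(SAMPLE).items():
        print(serial, status)
```

Devices reported as `unknown_version` should be re-queried rather than assumed current, since a missing or malformed version field says nothing about patch state.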
Apple’s steady cadence of security maintenance—even for legacy hardware—reinforces its commitment to user safety and enterprise reliability.
Installing iOS 16.7.12 and iPadOS 16.7.12 will ensure that older iPhones and iPads continue to receive essential defenses against emerging threats.