3175x175(CURRENT).thumb.jpg.b05acc060982b36f5891ba728e6d953c.jpg)
Apple has released a security update for many older iPhone and iPad models. This update includes a critical security fix, for a zero-day threat.
This security update completely went under my radar because I was focusing on iOS 26 and didn't check Apple's security releases page. Speaking of which iOS 26, iPadOS 26, macOS Tahoe 26 all ship with a bunch of new security fixes.
Anyway, let's get back to the update for older devices, the vulnerability in question is tracked under CVE-2025-43300. What's interesting about this is that it is the same as the one I wrote about last month. Apple patched a zero-day threat in iOS, iPadOS and macOS on August 20, with the release of iOS 18.6.2, iPadOS 18.6.2, and macOS Sequoia 15.6.1, macOS Sonoma 14.7.8 and macOS Ventura 13.7.8.
Bleeping Computer spotted some security advisories on Apple's website that highlighted the release of iOS 15.8.5, iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12 to patch the vulnerability. Here's a brief description of the issue, processing a malicious image file may result in memory corruption. For instance, a photo with spyware code could lead to a targeted attack. Apple says it patched an out-of-bounds write issue with improved bounds checking. The release notes mentions that "Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals." As I said, that is a sophisticated mercenary spyware attack targeting individuals like journalists, activists, etc.
The iOS 16.7.12 update is available for the Phone 8, iPhone 8 Plus, and iPhone X, while the iOS 15.8.5 update is available for iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), and iPod touch (7th generation). iPadOS 16.7.12 is available for the iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation, while iPadOS 15.8.5 is available for the iPad Air 2, iPad Mini (4th generation).
It's good to see Apple patching security issues on devices that are nearly ten years old, the iPhone 7 was launched in 2016. Earlier this month, WhatsApp fixed a zero-click vulnerability in iOS and macOS that was used in similar attacks.
Hope you enjoyed this news post. Feedback welcome.
Posted Thursday 18 September 2025 at 4:33 am AEST (my time).
News posts... 2023: 5,800+ | 2024: 5,700+ | 2025 (till end of August): 4,048
Recommended Comments
There are no comments to display.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.