Overview
- Apple released iOS 16.7.12 and 15.8.5, and corresponding iPadOS versions, to patch CVE-2025-43300 on devices as old as iPhone 6s, iPhone 7, iPhone 8, iPhone X, early iPads, and iPod touch (7th gen).
- CVE-2025-43300 is an out-of-bounds write in Image I/O that can corrupt memory when processing a malicious image, with Apple noting in-the-wild use against specific individuals.
- WhatsApp confirmed that a flaw in its client, CVE-2025-55177, was chained with the Apple bug in highly targeted spyware attacks affecting fewer than 200 users.
- Apple also shipped broader updates — including iOS and iPadOS 26 and macOS 26 — that fix dozens of additional vulnerabilities, with no evidence those newly disclosed issues are under active attack.
- Samsung separately patched a similar image-parsing zero-day on Android after confirming exploitation, while Amnesty’s Security Lab said it is investigating cases affecting both iPhone and Android users.