Cyber Web Spider Blog – News

Apple Fixes 0-Day Vulnerabilities in Older Versions of iPhones and iPads

Posted on September 17, 2025 By CWS

Apple released iOS 16.7.12 and iPadOS 16.7.12 on September 15, 2025, delivering critical security updates to older-generation devices.

The patches address a zero-day flaw in the ImageIO framework that could allow an attacker to execute arbitrary code by getting a user to process a malicious image file.

Apple confirms awareness of a sophisticated exploit targeting specific individuals, underscoring the importance of immediate installation.

Key Takeaways
1. iOS/iPadOS 16.7.12 fixes CVE-2025-43300, an ImageIO zero-day.
2. Malicious images enabled arbitrary code execution in targeted attacks.
3. Update iPhone 8/X and early iPads now.

Out-of-Bounds Write in ImageIO (CVE-2025-43300)

The update resolves CVE-2025-43300, an out-of-bounds write issue in the ImageIO component present on iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation.

This vulnerability arises when ImageIO fails to correctly validate image file boundaries, potentially leading to memory corruption. By sending a specially crafted image via email, web link, or messaging app, an attacker could trigger the flaw and gain code execution privileges at the kernel level.

Apple mitigated this risk through improved bounds checking, effectively sanitizing image metadata and validating buffer lengths before processing.
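The kind of check described above, as an added example that is not Apple's code and not part of the original article: a decoder for a toy run-length image format that validates every file-supplied length against the output buffer before writing. The `TIMG` layout, `decode_timg` and the error codes are hypothetical, constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Toy format, constructed for this example (not a real ImageIO format):
 *   bytes 0-3 magic "TIMG", bytes 4-5 width, bytes 6-7 height
 *   (both little-endian u16), then RLE pairs (run_length u8, pixel u8). */
#define HDR_LEN 8u
enum { DEC_OK = 0, DEC_TRUNCATED = -1, DEC_BAD_MAGIC = -2,
       DEC_TOO_LARGE = -3, DEC_OVERRUN = -4, DEC_SHORT = -5 };

/* Decodes into out[0..out_cap). Returns DEC_OK or a negative error and
 * never writes outside out, whatever the file claims. */
int decode_timg(const uint8_t *in, size_t in_len,
                uint8_t *out, size_t out_cap, size_t *out_len)
{
    if (in_len < HDR_LEN) return DEC_TRUNCATED;
    if (memcmp(in, "TIMG", 4) != 0) return DEC_BAD_MAGIC;

    size_t width  = (size_t)in[4] | ((size_t)in[5] << 8);
    size_t height = (size_t)in[6] | ((size_t)in[7] << 8);
    /* Two 16-bit factors: no size_t overflow on 32/64-bit targets. */
    size_t need = width * height;
    if (need == 0 || need > out_cap) return DEC_TOO_LARGE;

    size_t pos = HDR_LEN, written = 0;
    while (written < need) {
        /* Input bound: a full (run, value) pair must be present. */
        if (in_len - pos < 2) return DEC_SHORT;
        size_t run = in[pos];
        uint8_t value = in[pos + 1];
        pos += 2;
        /* Output bound: the run length comes from the file, so compare
         * it with the space the header promised before writing. Leaving
         * this check out is what turns a bad file into an OOB write. */
        if (run == 0 || run > need - written) return DEC_OVERRUN;
        memset(out + written, value, run);
        written += run;
    }
    *out_len = written;
    return DEC_OK;
}

int main(void)
{
    /* Constructed sample: 4x2 header, second run claims 200 pixels. */
    const uint8_t bad[] = {'T','I','M','G', 4,0, 2,0, 5,0xAA, 200,0xBB};
    uint8_t px[8]; size_t n = 0;
    return decode_timg(bad, sizeof bad, px, sizeof px, &n) == DEC_OVERRUN ? 0 : 1;
}
```

The decoder rejects the file at the first run that does not fit, rather than clamping it, so a malformed image is never partially trusted.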

The exploit’s sophistication suggests use in highly targeted attacks, where threat actors deliver malicious payloads through legitimate communication channels.

Because this vulnerability affects devices not eligible for full iOS 17 support, Apple’s backporting of the patch to iOS 16.7.12 and iPadOS 16.7.12 demonstrates its commitment to securing older hardware.

| Risk Factors | Details |
| --- | --- |
| Affected Products | iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, iPad Pro 12.9-inch (1st gen) |
| Impact | Arbitrary code execution |
| Exploit Prerequisites | Processing a maliciously crafted image file (user interaction required) |
| CVSS 3.1 Score | 8.8 (High) |

Apple’s Security Update

For iOS 16.7.12 and iPadOS 16.7.12, the focus remains on preventing malicious image processing attacks that could compromise system integrity.

Users are urged to update their devices promptly. To install iOS 16.7.12 or iPadOS 16.7.12, navigate to Settings > General > Software Update, then follow the on-screen instructions.

Administrators managing multiple devices may deploy the update via mobile device management (MDM) solutions.

Apple also reminds customers that third-party software references are provided without endorsement, and users should consult the respective vendors for non-Apple products.

Security professionals can review the Apple Product Security page for general guidance and best practices.

By proactively issuing this patch, Apple safeguards legacy devices against active zero-day threats, ensuring that even older hardware remains resilient against evolving attack techniques.
