CVE-2025-43300: Apple Issues Backported Fix After Spyware Exploitation

Apple has backported fixes for a major vulnerability that was actively exploited in sophisticated spyware attacks. The flaw, identified as CVE-2025-43300, affects Apple’s ImageIO component and could be used to compromise iPhones, iPads, and Macs through malicious image files.

The vulnerability, rated with a CVSS score of 8.8, is classified as an out-of-bounds write issue. In simple terms, this means attackers could craft harmful image files that, when opened, cause memory corruption. This corruption could then be exploited to execute malicious code on the device without the user’s knowledge.

Apple confirmed that the flaw has been actively exploited in the wild. According to the company, the attack was not widespread but highly targeted, with advanced spyware used against a very limited number of individuals.

The attack was not limited to Apple’s ecosystem. WhatsApp acknowledged that one of its vulnerabilities, identified as CVE-2025-55177 (CVSS score 5.4), was chained with CVE-2025-43300. The combined exploit was used in spyware attacks targeting fewer than 200 individuals worldwide.

This shows how cybercriminals often chain vulnerabilities across different platforms to launch multi-layered, highly targeted attacks.

Apple initially patched CVE-2025-43300 in late August 2025 with the release of security updates for its modern operating systems, including:

  • iOS 18.6.2 and iPadOS 18.6.2

  • iPadOS 17.7.10

  • macOS Ventura 13.7.8

  • macOS Sonoma 14.7.8

  • macOS Sequoia 15.6.1

Now, to protect users on older Apple devices, the company has backported the fix. This means even devices no longer running the latest OS versions will receive security patches. The updates have been made available for:

  • iOS 16.7.12 / iPadOS 16.7.12

    • iPhone 8, iPhone 8 Plus, iPhone X

    • iPad 5th generation, iPad Pro 9.7-inch, iPad Pro 12.9-inch (1st gen)

  • iOS 15.8.5 / iPadOS 15.8.5

    • iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st gen)

    • iPad Air 2, iPad mini (4th gen), iPod touch (7th gen)

By releasing fixes for these older versions, Apple ensures that users who cannot upgrade to the latest devices still remain protected from active threats.
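
As an added example (not Apple's or this article's own code), the following Python code audits a device inventory against the fixed versions listed above. The inventory format, hostnames and function names are assumptions constructed for illustration, and branches the article does not list (such as iOS 17 or macOS 12) are reported as unlisted rather than guessed.

```python
# Added example: first fixed version per OS branch for CVE-2025-43300,
# copied from the version lists in this article (nothing else is assumed).
FIXED = {
    ("ios", 18): (18, 6, 2), ("ipados", 18): (18, 6, 2),
    ("ipados", 17): (17, 7, 10),
    ("ios", 16): (16, 7, 12), ("ipados", 16): (16, 7, 12),
    ("ios", 15): (15, 8, 5), ("ipados", 15): (15, 8, 5),
    ("macos", 13): (13, 7, 8), ("macos", 14): (14, 7, 8),
    ("macos", 15): (15, 6, 1),
}

def parse_version(text):
    """'15.6' -> (15, 6, 0); raises ValueError on non-numeric parts."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(os_name, version):
    """Return 'patched', 'vulnerable', 'unlisted' or 'unparseable'."""
    try:
        ver = parse_version(version)
    except ValueError:
        return "unparseable"
    fixed = FIXED.get((os_name.strip().lower(), ver[0]))
    if fixed is None:
        # Branch not named in the article: check Apple's advisory by hand.
        return "unlisted"
    return "patched" if ver >= fixed else "vulnerable"

def audit(inventory_csv):
    """Map host -> status for 'host,os,version' lines."""
    results = {}
    for line in inventory_csv.strip().splitlines():
        host, os_name, version = [f.strip() for f in line.split(",")]
        results[host] = classify(os_name, version)
    return results

# Constructed sample inventory (hypothetical hosts, e.g. an MDM export).
SAMPLE = """\
iphone-a,iOS,18.6.1
iphone-b,iOS,18.6.2
ipad-c,iPadOS,17.7.10
ipod-d,iOS,15.8.4
mac-e,macOS,14.7.8
mac-f,macOS,15.6
iphone-g,iOS,17.7.2
mac-h,macOS,12.7.6
"""

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host:10} {status}")
```

Devices reported as `vulnerable` or `unlisted` are the ones to prioritize for update or manual review.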

Along with CVE-2025-43300, Apple rolled out patches for several other vulnerabilities across its ecosystem, including iOS 26, iPadOS 26, macOS Tahoe 26, visionOS 26, watchOS 26, Safari 26, and Xcode 26. Some notable fixes include:

  • CVE-2025-31255 (IOKit) – An authorization bug allowing apps to access sensitive data.

  • CVE-2025-43362 (LaunchServices) – A flaw that could let apps monitor keystrokes.

  • CVE-2025-43329 (Sandbox) – A permissions issue that could help apps escape sandbox restrictions.

  • CVE-2025-31254 (Safari) – A bug enabling malicious URL redirection.

  • CVE-2025-43272 (WebKit) – A flaw causing Safari crashes when processing harmful content.

  • CVE-2025-43349 (CoreAudio) – An out-of-bounds write that could crash video apps.

  • CVE-2025-43316 (DiskArbitration) – A permissions flaw that could give apps root privileges.

  • CVE-2025-43333 (Spotlight) – Another root privilege vulnerability.

  • CVE-2025-48384 (Xcode Git) – A remote code execution risk when cloning malicious repositories.

While Apple confirmed that none of these additional flaws are currently being exploited, the updates are strongly recommended for all users.

This incident highlights several key lessons for Apple users and the cybersecurity community:

  1. Active Exploits Are Real – Attackers are continuously looking for new ways to infiltrate systems. CVE-2025-43300 was already being used in real-world spyware campaigns.

  2. Targeted Attacks Are Increasing – Unlike broad malware campaigns, spyware attacks often focus on small, high-value targets, such as journalists, activists, or government officials.

  3. Older Devices Are Still Targets – Cybercriminals don’t ignore outdated iPhones or iPads. Apple’s decision to backport patches proves the importance of securing legacy devices.

  4. Regular Updates Are Essential – Even if your device seems safe, skipping updates leaves you vulnerable to future exploits.

If you own an iPhone, iPad, Mac, or any Apple device, you should:

  • Install the latest security updates immediately (check Settings > Software Update).

  • Avoid opening suspicious image files or links, especially from unknown sources.

  • Update third-party apps like WhatsApp, as attackers often chain vulnerabilities.

  • Enable automatic updates to stay protected without manual checks.

The exploitation of CVE-2025-43300 serves as a reminder that no device is immune to sophisticated cyberattacks. Apple’s swift action in releasing backported fixes ensures that both modern and older devices are safeguarded.

Users should not wait until attacks spread more widely—keeping devices updated is the single most effective defense against spyware and malware.
