Quote:Apple has released a security update for many older iPhone and iPad models. This update includes a critical security fix, for a zero-day threat.

This security update completely went under my radar because I was focusing on iOS 26 and didn't check Apple's security releases page. Speaking of which iOS 26, iPadOS 26, macOS Tahoe 26 all ship with a bunch of new security fixes.

Anyway, let's get back to the update for older devices, the vulnerability in question is tracked under CVE-2025-43300. What's interesting about this is that it is the same as the one I wrote about last month. Apple patched a zero-day threat in iOS, iPadOS and macOS on August 20, with the release of iOS 18.6.2, iPadOS 18.6.2, and macOS Sequoia 15.6.1, macOS Sonoma 14.7.8 and macOS Ventura 13.7.8.

Bleeping Computer spotted some security advisories on Apple's website that highlighted the release of iOS 15.8.5, iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12 to patch the vulnerability. Here's a brief description of the issue, processing a malicious image file may result in memory corruption. For instance, a photo with spyware code could lead to a targeted attack. Apple says it patched an out-of-bounds write issue with improved bounds checking. The release notes mentions that "Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals." As I said, that is a sophisticated mercenary spyware attack targeting individuals like journalists, activists, etc.

Continue Reading...