Analysis Summary

Apple has released iOS 16.7.12 and iPadOS 16.7.12 on September 15, 2025, addressing a critical zero-day vulnerability in the ImageIO framework. The flaw, tracked as CVE-2025-43300, is an out-of-bounds write issue that could allow attackers to execute arbitrary code on targeted devices. By enticing users to process a maliciously crafted image file, threat actors could exploit the weakness to compromise system integrity. Apple confirmed that the vulnerability has already been exploited in the wild, with attacks targeting specific individuals, making this a highly urgent update.

The vulnerability affects older devices, including the iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, and early iPad Pro models. Since these models are not supported by iOS 17, Apple backported the patch to iOS/iPadOS 16.7.12, demonstrating its commitment to maintaining security protections on legacy hardware. The flaw carries a CVSS score of (High), highlighting its potential severity, as successful exploitation could lead to code execution at the kernel level through memory corruption.

Apple has mitigated this threat by enhancing bounds checking in ImageIO, ensuring that image metadata and buffer lengths are validated before processing. The exploit method, leveraging malicious images delivered via email, messaging apps, or web links, underlines the sophistication of attackers who rely on seemingly harmless file formats for intrusion. The nature of the exploit indicates it is designed for precision attacks rather than broad campaigns, further reinforcing its association with advanced threat actors.

Users are strongly advised to install the update immediately to prevent exploitation. Individual device owners can update through Settings > General > Software Update, while organizations managing fleets of devices should use MDM deployment. Apple emphasized that these patches are critical for defending against active exploitation and reminded users to remain vigilant about third-party software risks. By issuing this patch, Apple ensures that even older-generation devices remain protected against evolving cyber threats, reinforcing its proactive security posture.

Impact

• Code Execution

Indicators of Compromise

CVE

• CVE-2025-43300

Affected Vendors

Remediation

• Update devices to iOS 16.7.12 or iPadOS 16.7.12 through Settings > General > Software Update
• Use Mobile Device Management (MDM) to deploy the update across enterprise devices
• Avoid opening unsolicited or suspicious image files from email, web links, or messaging apps
• Educate users on the risks of malicious image payloads and encourage caution with unknown sources
• Monitor for unusual device behavior or attempts to deliver malicious images
• Regularly check Apple’s Product Security page for updated advisories and best practices
• Restrict sensitive activities on older devices until they are fully patched