Apple 0-day likely used in spy attacks affected devices as old as iPhone 8

Apple backported a fix to older iPhones and iPads for a serious bug it patched last month – but only after it may have been exploited in what the company calls “extremely sophisticated” attacks.

The latest security update, pushed on Monday, fixes an out-of-bounds write issue tracked as CVE-2025-43300 in the ImageIO framework, which Apple uses to allow applications to read and write image file formats. It’s available for iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation. The iThings maker patched the same CVE in its newer devices on August 20.

“Processing a malicious image file may result in memory corruption,” the company said last month and again on Monday about the flaw. “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”

Also in August, Meta issued its own security advisory warning that attackers may have chained a WhatsApp bug (CVE-2025-55177) with this Apple OS-level flaw “in a sophisticated attack against specific targeted users.”

While neither tech giant said who was exploiting these vulnerabilities and to what end, both of their security alerts suggest a commercial surveillanceware vendor is to blame. Law enforcement and governments most often use surveillanceware to spy on foreign adversaries, criminals, political opponents, journalists, and activists.

Plus, around the same time as Apple and Meta’s zero-day disclosures, Donncha Ó Cearbhaill, the head of Amnesty International’s Security Lab, also sounded the alarm on a zero-click exploit being used to hack WhatsApp users. 

“Early indications are that the WhatsApp attack is impacting both iPhone and Android users, civil society individuals among them,” he said on social media. “Our team at Amnesty International’s Security Lab is actively investigating cases with a number of individuals targeted in this campaign.”

Then last week, Samsung fixed a critical flaw exploited as a zero-day in its Android devices that sounds just like the Apple and WhatsApp issues.

The vulnerability, tracked as CVE-2025-21043, affects Android OS versions 13, 14, 15, and 16. It’s due to an out-of-bounds write vulnerability in libimagecodec.quram.so, a parsing library used to process image formats on Samsung devices, which remote attackers can abuse to execute malicious code.

“Samsung was notified that an exploit for this issue has existed in the wild,” the electronics giant noted.