Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild.
The vulnerability in question is CVE-2025-43300 (CVSS score: 8.8), an out-of-bounds write issue in the ImageIO component that could result in memory corruption when processing a malicious image file.
“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,” the company said.
Since then, WhatsApp has acknowledged that a vulnerability in its messaging apps for Apple iOS and macOS (CVE-2025-55177, CVSS score: 5.4) had been chained with CVE-2025-43300 as part of highly-targeted spyware attacks aimed at less than 200 individuals.
While the shortcoming was first addressed by the iPhone maker late last month with the release of iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Ventura 13.7.8, macOS Sonoma 14.7.8, and macOS Sequoia 15.6.1, it has also been released for the following older versions –
- iOS 16.7.12 and iPadOS 16.7.12 – iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation
- iOS 15.8.5 and iPadOS 15.8.5 – iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPad Air 2, iPad mini (4th generation), and iPod touch (7th generation)
The updates have been rolled out alongside iOS 26, iPadOS 26, iOS 18.7, iPadOS 18.7, macOS Tahoe 26, macOS Sequoia 15.7, macOS Sonoma 14.8, tvOS 26, visionOS 26, watchOS 26, Safari 26, and Xcode 26, which also address a number of other security flaws –
- CVE-2025-31255 – An authorization vulnerability in IOKit that could allow an app to access sensitive data
- CVE-2025-43362 – A vulnerability in LaunchServices that could allow an app to monitor keystrokes without user permission
- CVE-2025-43329 – A permissions vulnerability in Sandbox that could allow an app to break out of its sandbox
- CVE-2025-31254 – A vulnerability in Safari that could result in unexpected URL redirection when processing maliciously crafted web content
- CVE-2025-43272 – A vulnerability in WebKit that could result in unexpected Safari crash when processing maliciously crafted web content
- CVE-2025-43285 – A permissions vulnerability in AppSandbox that could allow an app to access protected user data
- CVE-2025-43349 – An out-of-bounds write issue in CoreAudio that could result in unexpected app termination when processing a maliciously crafted video file
- CVE-2025-43316 – A permissions vulnerability in DiskArbitration that could allow an app to gain root privileges
- CVE-2025-43297 – A type confusion vulnerability in Power Management that could result in a denial-of-service
- CVE-2025-43204 – A vulnerability in RemoteViewServices that could allow an app to break out of its sandbox
- CVE-2025-43358 – A permissions vulnerability in Shortcuts that could allow a shortcut to bypass sandbox restrictions
- CVE-2025-43333 – A…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
