Apple has released iOS 16.7.12 and iPadOS 16.7.12 on September 15, 2025, delivering critical security updates to older-generation devices.
The patches address a zero-day flaw in the ImageIO framework that could allow an attacker to execute arbitrary code by enticing a user to process a malicious image file.
Apple confirms awareness of a sophisticated exploit targeting specific individuals, underscoring the importance of immediate installation.
Key Takeaways
1. iOS/iPadOS 16.7.12 fixes CVE-2025-43300, an ImageIO zero-day.
2. Malicious images enabled arbitrary code execution in targeted attacks.
3. Update iPhone 8/X and early iPads now.
Out-of-Bounds Write in ImageIO (CVE-2025-43300)
The update resolves CVE-2025-43300, an out-of-bounds write issue in the ImageIO component present on iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation.
This vulnerability arises when ImageIO fails to correctly validate image file boundaries, potentially leading to memory corruption. By sending a specially crafted image via email, web link, or messaging app, an attacker could trigger the flaw and gain code execution privileges at the kernel level.
Apple mitigated this risk through improved bounds checking, effectively sanitizing image metadata and validating buffer lengths before processing.
The exploit’s sophistication suggests use in highly targeted attacks, where threat actors deliver malicious payloads through legitimate communication channels.
Because this vulnerability affects devices no longer eligible for full iOS 17 support, Apple’s backporting of the patch to iOS 16.7.12 and iPadOS 16.7.12 demonstrates its commitment to securing older hardware.
| Risk Factors | Details |
| Affected Products | iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, iPad Pro 12.9-inch (1st gen) |
| Impact | Arbitrary code execution |
| Exploit Prerequisites | Processing a maliciously crafted image file (user interaction required) |
| CVSS 3.1 Score | 8.8 (High) |
Apple’s Security Update
For iOS 16.7.12 and iPadOS 16.7.12, the focus remains on preventing malicious image processing attacks that could compromise system integrity.
Users are urged to update their devices promptly. To install iOS 16.7.12 or iPadOS 16.7.12, navigate to Settings > General > Software Update, then follow the on-screen instructions.
Administrators managing multiple devices may deploy the update via mobile device management (MDM) solutions.
Apple also reminds customers that third-party software references are provided without endorsement, and users should consult respective vendors for non-Apple products.
Security professionals can review the Apple Product Security page for general guidance and best practices.
By proactively issuing this patch, Apple safeguards legacy devices against active zero-day threats, ensuring that even older hardware remains resilient against evolving attack techniques.
Find this Story Interesting! Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
