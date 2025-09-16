  • Some users have recently had their accounts hijacked. It seems that the now defunct EVGA forums might have compromised your password there and seems many are using the same PW here. We would suggest you UPDATE YOUR PASSWORD and TURN ON 2FA for your account here to further secure it. None of the compromised accounts had 2FA turned on.
Apple backports zero-day patches to older iPhones and iPads

For those with older models, be sure to check for updates!

Apple backports zero-day patches to older iPhones and iPads

https://www.bleepingcomputer.com/ne...-zero-day-patches-to-older-iphones-and-ipads/


Apple has released security updates to backport patches released last month to older iPhones and iPads, addressing a zero-day bug that was exploited in "extremely sophisticated" attacks.

This security flaw is the same one Apple has patched for devices running iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, and macOS (Sequoia 15.6.1, Sonoma 14.7.8, and Ventura 13.7.8) on August 20.

Tracked as CVE-2025-43300, this vulnerability was discovered by Apple security researchers and is caused by an out-of-bounds write weakness in the Image I/O framework, which enables apps to read and write image file formats.

An out-of-bounds write occurs when attackers supply maliciously crafted input to a program that causes it to write data outside the allocated memory buffer, potentially triggering crashes, corrupting data, or even allowing remote code execution.

Apple has now addressed this zero-day flaw in iOS 15.8.5 / 16.7.12, as well as iPadOS 15.8.5 / 16.7.12, with improved bounds checks.

"Processing a malicious image file may result in memory corruption. An out-of-bounds write issue was addressed with improved bounds checking," the company said in Monday advisories.

"Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals."

The list of devices impacted by this vulnerability is quite extensive, with the bug affecting a wide range of older models, including:

  • iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPhone 8, iPhone 8 Plus, and iPhone X,
  • iPad Air 2, iPad mini (4th generation), iPad 5th generation, iPad Pro 9.7-inch, iPad Pro 12.9-inch 1st generation, and iPod touch (7th generation)
In late August, WhatsApp patched a zero-click vulnerability (CVE-2025-55177) in its iOS and macOS messaging clients, which was chained with Apple's CVE-2025-43300 zero-day in targeted attacks that the company described as "extremely sophisticated."

While Apple and WhatsApp have yet to release any details regarding the attacks chaining the two vulnerabilities, Donncha Ó Cearbhaill, the head of Amnesty International's Security Lab, said that WhatsApp warned some of its users that their devices were targeted in an advanced spyware campaign.

Last week, Samsung also patched a remote code execution vulnerability chained with the CVE-2025-55177 WhatsApp flaw in zero-day attacks targeting its Android devices.

With this vulnerability, Apple fixed six zero-days that were exploited in the wild in 2025: the first in January (CVE-2025-24085), the second in February (CVE-2025-24200), a third in March (CVE-2025-24201), and two more in April(CVE-2025-31200 and CVE-2025-31201).
This is one of the reasons I appreciate Apple's software update approach.

Not that Google never does this, but Apple has a good reputation for patching serious security issues on older devices (if later than I'd like). Think about it: there's someone holding on to their 2015-era iPhone 6s that can keep it for a little longer if they're concerned about these vulnerabilities.

It's not quite Microsoft-level support, but then Microsoft also has a problem in the other direction where there are unrealistic expectations for support (you will patch our 20-year-old Windows install to make sure we can run 30-year-old software!).
 
