The patch affects both newer and older iPhones, iPads, and related devices, including those not running the very latest version of Apple operating systems. The company warns that since this flaw may have been actively abused in the wild, all users, especially those with older models, should install the update immediately.
Patch back-ported to older devices
CVE-2025-43300 received a critical severity rating (CVSS 8.8 out of 10) and was patched in iOS 18.6.2 and iPadOS 18.6.2 last month. On Monday, Apple extended the patch to earlier EOL builds amid reports of active exploitation.
The affected module, Apple’s ImageIO, is the framework responsible for reading, writing, or otherwise processing images in many iOS/iPadOS applications. The vulnerability occurs when certain malicious image files are handled: the system performs out-of-bounds writes because existing bounds validation is insufficient.
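The kind of bounds validation described above, as an added illustration that is not Apple's ImageIO code and not part of the original article: a decoder for a constructed toy image format that checks every header-declared size against the input length and the output capacity before writing. The format layout, `decode_toy_image` and the status names are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed toy format (assumption, not a real Apple format):
 * bytes 0-1 width (LE), 2-3 height (LE), 4 channels, 5-7 reserved, then pixels. */
#define HDR_LEN 8u

enum dec_status { DEC_OK = 0, DEC_ERR_HEADER, DEC_ERR_TRUNCATED, DEC_ERR_CAPACITY };

/* Copies pixel data into out only after every file-controlled size has been
 * checked against both the input length and the output capacity. */
enum dec_status decode_toy_image(const uint8_t *in, size_t in_len,
                                 uint8_t *out, size_t out_cap, size_t *written)
{
    if (in == NULL || out == NULL || written == NULL || in_len < HDR_LEN)
        return DEC_ERR_HEADER;
    *written = 0;

    uint32_t width    = (uint32_t)in[0] | ((uint32_t)in[1] << 8);
    uint32_t height   = (uint32_t)in[2] | ((uint32_t)in[3] << 8);
    uint32_t channels = in[4];
    if (width == 0 || height == 0 || channels == 0 || channels > 4)
        return DEC_ERR_HEADER;

    /* 64-bit product: 65535 * 65535 * 4 cannot wrap here, unlike in 32 bits. */
    uint64_t need = (uint64_t)width * height * channels;

    /* The file must really contain the bytes its header promises. */
    if (need > (uint64_t)(in_len - HDR_LEN))
        return DEC_ERR_TRUNCATED;
    /* The destination must hold them; without this check the copy below
     * would write past the end of out. */
    if (need > (uint64_t)out_cap)
        return DEC_ERR_CAPACITY;

    memcpy(out, in + HDR_LEN, (size_t)need);
    *written = (size_t)need;
    return DEC_OK;
}

int main(void)
{
    /* Constructed sample: header claims 4x4x1 = 16 bytes, caller has 8. */
    uint8_t file[HDR_LEN + 16] = { 4, 0, 4, 0, 1, 0, 0, 0 };
    uint8_t out[8];
    size_t n;
    printf("status=%d\n", decode_toy_image(file, sizeof file, out, sizeof out, &n));
    return 0;
}
```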