
"Processing a malicious image file may result in memory corruption,"
"Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals."
"in a sophisticated attack against specific targeted users."
"Early indications are that the WhatsApp attack is impacting both iPhone and Android users, civil society individuals among them,"
Apple patched CVE-2025-43300 in the ImageIO framework, addressing an out-of-bounds write that can cause memory corruption when processing malicious image files. The fix was backported to older devices including iPhone 8, 8 Plus, X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation. Apple reported awareness of possible exploitation in extremely sophisticated targeted attacks. Meta warned that attackers may have chained a WhatsApp bug (CVE-2025-55177) with the OS-level flaw in sophisticated targeted attacks. Security alerts and timing suggest commercial surveillanceware vendors may be responsible. Amnesty International's Security Lab reported investigations into zero-click WhatsApp exploits affecting civil society individuals.
Read at The Register