# Apple 0-day Likely Used in Spy Attacks: Affected Devices as Old as iPhone 8 May Have Been Compromised
In a move that highlights the ever-evolving threat landscape, tech giants Apple and Meta have issued security updates to address a critical 0-day vulnerability that could potentially be exploited by malicious actors. This latest development is particularly concerning given the involvement of "extremely sophisticated" attacks against specific targeted individuals.
## A Critical Flaw in ImageIO Framework
The vulnerability, tracked as CVE-2025-43300, lies within Apple's ImageIO framework, which allows applications to read and write image file formats. The issue is an out-of-bounds write that can lead to memory corruption when processing a malicious image file. In a statement, Apple acknowledged the flaw and backported a fix for older iPhones and iPads, including models as old as the iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation, iPad Pro 9.7-inch, and iPad Pro 12.9-inch 1st generation.
## Exploitation and Implications
Apple's warning suggests that this issue may have been exploited in "extremely sophisticated" attacks against specific targeted individuals. The company emphasized the potential for malicious activity when processing a malicious image file, highlighting the severity of the vulnerability. Meta has also issued a security advisory warning about the possibility of chaining a WhatsApp bug (CVE-2025-55177) with this Apple OS-level flaw and "in a sophisticated attack against specific targeted users."
## A Commercial Surveillanceware Vendor at Play
While neither Apple nor Meta disclosed details about who was exploiting these vulnerabilities or to what end, both security alerts point towards a commercial surveillanceware vendor being responsible. Law enforcement and governments frequently use surveillanceware to spy on foreign adversaries, criminals, political opponents, journalists, and activists.
## Amnesty International Sounds the Alarm
Around the same time as Apple and Meta's zero-day disclosures, Donncha Ó Cearbhaill, the head of Amnesty International's Security Lab, sounded the alarm about a zero-click exploit being used to hack WhatsApp users. "Early indications are that the WhatsApp attack is impacting both iPhone and Android users, civil society individuals among them," he said on social media. "Our team at Amnesty International's Security Lab is actively investigating cases with a number of individuals targeted in this campaign."
## Another Vulnerability Exposed
Just last week, Samsung fixed a critical flaw exploited as a zero-day in its Android devices that sounds just like the Apple and WhatsApp issues. The vulnerability, tracked as CVE-2025-21043, affects Android OS versions 13, 14, 15, and 16 due to an out-of-bounds write vulnerability in libimagecodec.quram.so, a parsing library used to process image formats on Samsung devices. "Samsung was notified that an exploit for this issue has existed in the wild," the electronics giant noted.
## The Importance of Vigilance
The revelation highlights the importance of vigilance and regular software updates from tech giants. As threats continue to evolve and become increasingly sophisticated, it is crucial for individuals and organizations to prioritize security and take proactive steps to protect themselves.