Apple has released iOS 15.8.5 and iPadOS 15.8.5 (September 15, 2025), a security-only update for legacy devices that don’t run newer iOS versions. It addresses a single ImageIO vulnerability (CVE-2025-43300) that could trigger memory corruption when processing a malicious image. Apple says there’s a report this bug may have been exploited in an extremely sophisticated, targeted attack.

Who is this for

iPhone 6s (all models)

iPhone 7 (all models)

iPhone SE (1st generation)

iPad Air 2

iPad mini (4th generation)

iPod touch (7th generation)

What’s fixed

ImageIO: out-of-bounds write, mitigated with improved bounds checking (CVE-2025-43300).

What to do

If you use one of the models above, update immediately: Settings → General → Software Update. This release keeps older hardware protected even if you’re not on Apple’s newer iOS tracks.