- Apple issued four waves of alerts in 2025 warning users of spyware attacks aimed at high-profile people
- CERT-FR confirmed the use of advanced tools such as Pegasus and Predator, exploiting zero-day and zero-click flaws
- Apple notified compromised users through their devices and iCloud, while patching at least seven critical vulnerabilities
Since the beginning of March 2025, Apple has, on four separate occasions, alerted its users to ongoing spyware attacks.
The attacks are sophisticated and dangerous, often aimed at individuals of specific interest to various states and governments.
This is according to the French national Computer Emergency Response Team (CERT-FR). In a new security notice, the agency said that threat actors are using advanced spyware, such as Pegasus, Predator, Graphite or Triangulation, which is “particularly sophisticated and difficult to detect.”
Four waves of notifications
To deploy the spyware, the attackers often abuse zero-day vulnerabilities, or even zero-click flaws (bugs that require no interaction from the victim and are, as such, extremely dangerous).
The targets are high-profile individuals: journalists, lawyers, activists, politicians, senior officials, members of management committees in strategic sectors, and similar.
Apple has been notifying the targets directly on their devices, as well as through a notification in their iCloud account. CERT-FR also said that Apple has only been notifying accounts that were probably already compromised: “Receiving a notification means that at least one of the devices linked to the iCloud account has been attacked and that it would be potentially compromised,” reads the announcement.
“The time between the compromise attempt and the receipt of the notification is several months, but it is still variable.”
The four waves of alerts occurred on March 5, April 29, June 25 and September 3.
CERT-FR did not say which flaws the threat actors targeted, but we know that Apple patched at least seven zero-day flaws this year:
- CVE-2025-24085 (use-after-free error)
- CVE-2025-24200 (privilege escalation)
- CVE-2025-24201 (privilege escalation)
- CVE-2025-31200 (memory corruption)
- CVE-2025-31201 (local privilege escalation)
- CVE-2025-43200 (logic flaw)
- CVE-2025-4330 (image flaw)
One of the spyware tools mentioned in the report is Pegasus, designed by an Israeli cyber security company called NSO Group. The company was blacklisted by the United States in early November 2021 for actions contrary to the national security and foreign policy interests of the United States.
Via BleepingComputer