- Apple has patched a worrying security flaw exploited by threat actors
- The flaw was exploited in the notorious Paragon spyware campaign
- The campaign targeted high-profile journalists and individuals
Apple has updated iOS to patch a serious security defect that was exploited by threat actors to attack journalists and prominent members of civil society.
The Paragon spyware campaign was discovered after the zero-click attack campaign used a malicious PDF file to infect Italian journalists with malware from the Israeli spyware firm Paragon.
“There was a logical problem when processing a maliciously elaborate photo or video shared through an iCloud link,” Apple confirmed in its iOS 18.3.1 update. “Apple is aware of a report that this problem may have been exploited in an extremely sophisticated attack against specific individuals.”
CVE-2025-43200
The details of the patch have only just been released, even though iOS 18.3.1 was released in February 2025. Citizen Lab’s analysis confirms that the journalist’s first device was compromised with Paragon’s Graphite software, and that this happened while the victim was running iOS 18.12.1.
The infected surveillance tool could reportedly access messages, cameras, emails, location data and microphones without any user action or detection, which makes the software difficult.
“Apple’s security architecture remains among the strongest in the industry,” argues Adam Boynton, Senior EMEIA Security Strategy Manager at Jamf.
“Its rapid response with iOS 18.3.1 and continuous improvements such as Lockdown Mode demonstrate its commitment to protect users. However, as the threat actors become more stealthy and more specific, there is a growing need for additional visibility and forensic capabilities to support business security and high-risk people.”
Boynton recommends keeping devices updated, enabling Lockdown Mode on iOS devices and using specially designed security tools such as malware removal software if you think you are at risk.
“What makes Graphite especially dangerous is its ability to operate in memory, often leaving minimal artifacts on the disk. It is capable of creating impersonations at the system level, for example, registering hidden iMessage accounts or falsifying safety features, to hide its presence from both the user and standard detection tools. These tactics make the traditional mobile safety models insufficient in themselves.”