- Apple has issued four waves of alerts in 2025 warning users of spyware attacks targeting high-profile individuals
- CERT-FR confirmed the use of advanced tools like Pegasus and Predator, exploiting zero-day and zero-click flaws
- Apple notified compromised users via their device and iCloud, while patching at least seven critical vulnerabilities
Since the beginning of March 2025, Apple has alerted its users four times to spyware attacks.
The attacks are sophisticated and dangerous, often targeting individuals of specific interest to various nation-states and governments.
This is according to the French Computer Emergency Response Team (CERT-FR). In a new security notice, the agency said that threat actors used advanced spyware, such as Pegasus, Predator, Graphite or Triangulation, which is “particularly sophisticated and difficult to detect”.
Four waves of notifications
To deploy spyware, attackers often abuse zero-day vulnerabilities, or even zero-click flaws (bugs that require no interaction from the victim and are, as such, extremely dangerous).
The targets are high-profile individuals: journalists, lawyers, activists, politicians, senior officials, members of the management committees of strategic sectors, and the like.
Apple warned the targets directly on their devices, as well as by a notification in their iCloud account. CERT-FR also said that Apple has only notified accounts that were probably already compromised: “Receiving a notification means that at least one of the devices linked to the iCloud account has been targeted and is potentially compromised,” said the advisory.
“The delay between the attempted compromise and the receipt of the notification is several months but remains variable.”
The four waves of alerts took place on March 5, April 29, June 25 and September 3.
CERT-FR has not discussed the flaws that the threat actors were targeting, but we know that Apple has patched at least seven zero-day flaws this year:
- CVE-2025-24085 (use-after-free bug)
- CVE-2025-24200 (privilege escalation)
- CVE-2025-24201 (privilege escalation)
- CVE-2025-31200 (memory corruption)
- CVE-2025-31201 (local privilege escalation)
- CVE-2025-43200 (logic flaw)
- CVE-2025-4330 (ImageIO flaw)
One of the spyware tools mentioned in the report is Pegasus, designed by an Israeli cybersecurity company called NSO Group. It was blacklisted by the United States in early November 2021 for actions contrary to the national security and foreign policy interests of the United States.
Via BleepingComputer