- Apple has corrected a disturbing security flaw exploited by threat actors
- The flaw was used in the notorious Paragon spyware campaign
- The campaign has targeted high-level journalists and individuals
Apple has updated iOS to fix a serious security flaw that was exploited by threat actors to target journalists and eminent members of civil society.
The Paragon spyware campaign was discovered after the zero-click attack campaign used a malicious PDF file to infect Italian journalists with malware from the Israeli spyware vendor Paragon Software Company.
“A logic problem existed when processing a maliciously crafted photo or video shared via an iCloud link,” confirmed Apple in its iOS 18.3.1 update. “Apple is aware of a report that this problem may have been exploited in an extremely sophisticated attack against specific targeted individuals.”
CVE-2025-43200
The details of the patch have only just been released, even though iOS 18.3.1 was released in February 2025. Citizen Lab’s analysis confirms that the first journalist’s device was compromised with Paragon’s Graphite spyware, and that the compromise took place while the victim was running iOS 18.12.1.
Once on an infected device, the surveillance tool could allegedly access messages, cameras, emails, location data and microphones without any user action or detection, making the software particularly difficult to defend against.
“Apple’s security architecture remains among the strongest in the industry,” says Adam Boynton, principal director of EMIA security strategy at Jamf.
“Their rapid response with iOS 18.3.1 and continuous improvements such as Lockdown Mode demonstrate their commitment to protecting users. However, as threat actors become more stealthy and more targeted, there is an increasing need for additional visibility and forensic capabilities to support the safety of businesses and high-risk people.”
Boynton recommends keeping devices up to date, enabling Lockdown Mode on iOS devices and enabling security tools built for malware if you believe you are at risk.
“What makes Graphite particularly dangerous is its ability to work secretly in memory, often leaving minimal artefacts on disk. It is able to carry out impersonation at the system level – for example, registering hidden iMessage accounts or spoofing security features – to hide its presence from both the user and standard detection tools.”