Apple confirmed that Messages app flaw was actively exploited in the wild


This post was originally published on Security Affairs. It can be found here.

Apple confirmed that a security flaw in its Messages app was actively exploited in the wild to target journalists with Paragon’s Graphite spyware.

Apple confirmed that a now-patched vulnerability, tracked as CVE-2025-43200, in its Messages app was actively exploited in the wild to target journalists with Paragon’s Graphite spyware.

The IT giant addressed the flaw CVE-2025-43200 on February 10, 2025, with the release of iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, watchOS 11.3.1, and visionOS 2.3.1. The same versions also addressed the WhatsApp vulnerability CVE-2025-24200 that was exploited in “extremely sophisticated” targeted attacks.

“A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link,” reads the advisory published by the company. “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”

The company addressed this vulnerability by implementing improved checks.

This week, Citizen Lab confirmed that Paragon’s Graphite spyware was used to hack fully updated iPhones, targeting at least two journalists in Europe. The group found forensic evidence showing the phones had communicated with the same spyware server. Apple quietly alerted the victims earlier this year, marking the first confirmed case of Paragon’s tools being used in real-world attacks.

On April 29, 2025, Apple alerted select iOS users of spyware targeting. Forensic analysis confirmed that two journalists, including Ciro Pellegrino, were infected with Paragon’s Graphite spyware. Both cases were linked to the same attacker. Apple has since patched the zero-click flaw exploited in the attack, now tracked as CVE-2025-43200, in iOS version 18.3.1.

Early this week, Paragon accused the Italian government of refusing its offer to help investigate spyware use against a journalist. The company said this led to its decision to end contracts in Italy. Paragon claimed it proposed a way to verify if its tools were misused, but authorities declined. This marks the first time a spyware firm publicly cut ties with a client over alleged abuse. Paragon confirmed the statement’s accuracy but declined further comment.


Pierluigi Paganini
