- Apple has patched a worrying security flaw exploited by threat actors
- The flaw was exploited in the notorious Paragon spyware campaign
- The campaign targeted journalists and high-profile individuals
Apple has updated iOS to patch a serious security flaw that was exploited by threat actors to target journalists and prominent members of civil society.
The Paragon spyware campaign was discovered after the zero-click attack campaign used a malicious PDF file to infect Italian journalists with malicious software from Israeli spyware firm Paragon.
“A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link,” Apple confirmed in its iOS 18.3.1 update. “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”
CVE-2025-43200
The patch details have only just been released, despite iOS version 18.3.1 being released in February 2025. Analysis from Citizenlab confirms the compromise of the first journalist’s device was made with Paragon’s Graphite spyware, and was made while the victim was running iOS 18.12.1.
The surveillance tool infected on devices could allegedly access messages, cameras, emails, location data, and microphones without any user action or detection – making protection against the software particularly difficult.
“Apple’s security architecture remains among the strongest in the industry,” argues Adam Boynton, Senior Security Strategy Manager EMEIA at Jamf.
“Their rapid response with iOS 18.3.1 and continued enhancements like Lockdown Mode demonstrate their commitment to protecting users. However, as threat actors become stealthier and more targeted, there is a growing need for additional visibility and forensic capabilities to support enterprise security and high-risk individuals.”
Boynton recommends keeping devices up to date, enabling Lockdown mode on iOS devices, and enabling purpose-built security tools like malware removal software if you believe you’re at risk.
“What makes Graphite especially dangerous is its ability to operate covertly in memory, often leaving minimal artefacts on disk. It is capable of creating system-level impersonations—for example, registering hidden iMessage accounts or spoofing security features—to conceal its presence from both the user and standard detection tools. These tactics make traditional mobile security models insufficient on their own.”
