- Apple issued four waves of notifications in 2025, warning users of spyware attacks targeting high-profile individuals
- CERT-FR confirmed the use of advanced tools such as Pegasus and Predator, which took advantage of zero-day and zero-click vulnerabilities
- Apple notified compromised users via their devices and iCloud while patching at least seven critical vulnerabilities
Since the beginning of March 2025, Apple has warned its users of ongoing spyware attacks on four separate occasions.
The attacks are sophisticated and dangerous, and are often targeted at individuals of specific interest to different nation-states and governments.
This is according to the French national computer emergency response team (CERT-FR). In a new security advisory, the agency said threat actors use advanced spyware, such as Pegasus, Predator, Graphite or Triangulation, which is “especially sophisticated and difficult to detect”.
Four waves of notifications
To deploy the spyware, attackers often abuse zero-day vulnerabilities or even zero-click flaws (bugs that require no interaction from the victim at all, which makes them extremely dangerous).
The targets are high-profile individuals: journalists, lawyers, activists, politicians, senior officials, members of management committees in strategic sectors, and the like.
Apple notified the targets directly on their devices as well as through a notice in their iCloud account. CERT-FR also said that Apple has only notified accounts that were probably already compromised: “Receiving a notification means that at least one of the devices linked to the iCloud account has been targeted and potentially compromised,” the advisory reads.
“The time between the attempted compromise and receipt of the message is several months, but remains variable.”
The four waves of alerts went out on March 5, April 29, June 25 and September 3.
CERT-FR did not discuss which flaws the threat actors targeted, but we know Apple patched at least seven zero-days this year:
- CVE-2025-24085 (use-after-free bug)
- CVE-2025-24200 (privilege escalation)
- CVE-2025-24201 (privilege escalation)
- CVE-2025-31200 (memory corruption)
- CVE-2025-31201 (local privilege escalation)
- CVE-2025-43200 (logic error)
- CVE-2025-4330 (ImageIO error)
One of the spyware tools mentioned in the report is Pegasus, designed by an Israeli cyber security company called NSO Group. The company was blacklisted by the United States in early November 2021 for actions in violation of US national security and foreign policy interests.
Via BleepingComputer



