- Apple has patched a worrying security flaw exploited by threat actors
- The flaw was exploited in the notorious Paragon spyware campaign
- The campaign targeted journalists and high-profile individuals
Apple has updated iOS to patch a serious security flaw used by threat actors to target journalists and prominent members of civil society.
The Paragon spyware campaign was discovered after a zero-click attack used a malicious PDF file to infect Italian journalists with spyware from Israeli spyware company Paragon.
“There was a logical problem when dealing with a maliciously designed photo or video shared via an iCloud link,” Apple confirmed in its iOS 18.3.1 update. “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack on specific targeted individuals.”
CVE-2025-43200
The patch details have only just been released, even though iOS 18.3.1 itself was released in February 2025. Analysis from Citizen Lab confirms that the first journalist’s device was compromised with Paragon’s Graphite spyware while the victim was running iOS 18.12.1.
The surveillance tool installed on infected devices could reportedly access messages, cameras, emails, location data and microphones without any user action or detection, making protection against the software particularly difficult.
“Apple’s security architecture remains among the strongest in the industry,” argues Adam Boynton, Senior Security Strategy Manager EMEIA at Jamf.
“Their rapid response with iOS 18.3.1 and continued improvements such as Lockdown Mode demonstrate their commitment to protecting users. As threat actors become stealthier and more targeted, there is a growing need for additional visibility and forensic capabilities to support business security and people at high risk.”
Boynton recommends keeping devices up to date, enabling Lockdown Mode on iOS devices and activating custom-built security tools such as malware removal software if you think you’re in danger.
“What makes Graphite particularly dangerous is its ability to operate hidden in memory, which often leaves minimal objects on the counter. It is capable of creating imitations at system level, for example to detect hidden iMessage accounts or forgery of security functions, to hide its presence from both user and standard detection tools.”



