Apple

A zero-click attack leveraging a newly disclosed Messages vulnerability (CVE-2025-43200) has infected the iPhones of two European journalists with Paragon's Graphite mercenary spyware. The attack, which occurred in January and early February 2025, exploited a logic issue triggered when processing a maliciously crafted photo or video shared via an iCloud Link. The vulnerability was fixed in iOS 18.3.1, released on February 10. Apple acknowledged that this issue may have been exploited in a sophisticated attack against specific targeted individuals. Users who have upgraded to iOS 18.3.1 and later versions are safe from this attack. High-risk users are advised to enable Lockdown Mode and reboot their devices daily to minimize the attack surface.

Source: https://www.helpnetsecurity.com/2025/06/13/ios-zero-click-attacks-used-to-deliver-graphite-spyware-cve-2025-43200/

TPRM report: https://scoringcyber.rankiteo.com/company/apple

"id": "app605061325",
"linkid": "apple",
"type": "Vulnerability",
"date": "6/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Media',
                        'location': 'Europe',
                        'name': 'Ciro Pellegrino',
                        'type': 'Journalist'},
                       {'industry': 'Media',
                        'location': 'Europe',
                        'name': 'Unnamed European journalist',
                        'type': 'Journalist'}],
 'attack_vector': 'Zero-click attack via maliciously crafted photo or video '
                  'shared via an iCloud Link',
 'date_detected': '2025-01-01',
 'date_publicly_disclosed': '2025-06-11',
 'description': 'A zero-click attack leveraging a freshly disclosed Messages '
                'vulnerability (CVE-2025-43200) has infected the iPhones of '
                'two European journalists with Paragon’s Graphite mercenary '
                'spyware.',
 'impact': {'systems_affected': 'iPhones of two European journalists'},
 'initial_access_broker': {'entry_point': 'iCloud Link'},
 'investigation_status': 'Ongoing',
 'lessons_learned': 'Users should update to iOS 18.3.1 and enable Lockdown '
                    'Mode to minimize their attack surface.',
 'motivation': 'Spying on high-value targets',
 'post_incident_analysis': {'corrective_actions': 'Update to iOS 18.3.1',
                            'root_causes': 'Vulnerability CVE-2025-43200'},
 'recommendations': 'Users concerned about being targeted should consider '
                    'enabling Lockdown Mode and rebooting their device daily.',
 'references': [{'source': 'Citizen Lab'}],
 'response': {'remediation_measures': ['Update to iOS 18.3.1',
                                       'Enable Lockdown Mode',
                                       'Reboot device daily'],
              'third_party_assistance': ['Citizen Lab',
                                         'Amnesty International',
                                         'Access Now']},
 'threat_actor': 'Paragon operator',
 'title': 'Zero-Click Attack on European Journalists with Paragon’s Graphite '
          'Spyware',
 'type': 'Spyware',
 'vulnerability_exploited': 'CVE-2025-43200'}