{"id":58812,"date":"2025-06-13T15:24:12","date_gmt":"2025-06-13T15:24:12","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/apple-fixes-zero-click-exploit-underpinning-paragon-spyware-attacks\/"},"modified":"2025-06-13T15:24:12","modified_gmt":"2025-06-13T15:24:12","slug":"apple-fixes-zero-click-exploit-underpinning-paragon-spyware-attacks","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/apple-fixes-zero-click-exploit-underpinning-paragon-spyware-attacks\/","title":{"rendered":"Apple fixes zero-click exploit underpinning Paragon spyware attacks"},"content":{"rendered":"

Apple has updated its iOS\/iPadOS 18.3.1 documentation, confirming it introduced fixes for the zero-click vulnerability used to infect journalists with Paragon’s Graphite spyware.<\/p>\n

The infections were confirmed when two journalists approached spyware researchers at The Citizen Lab after receiving notifications from Apple in April that they were targeted by spyware.<\/p>\n

The researchers looked under the hoods of the reporters’ phones, confirming the same. Apple has since assigned the zero-day vulnerability CVE-2025-43200 (7.5), saying it was addressed with improved checks.<\/p>\n

\"surveillance\"<\/p>\n

Paragon spyware deployed against journalists and activists, Citizen Lab claims<\/h2>\n

READ MORE<\/span><\/a><\/div>\n

“A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link,” it said in the update<\/a>. “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”<\/p>\n

The details of the patch were added this week for the first time, despite version 18.3.1 and its documentation being released in February. The two journalists are thought to have been infected between January and February while running iOS version 18.2.1.<\/p>\n