Apple is telling us that a dangerous zero-click security vulnerability in its Messages app, known as CVE-2025-43200, has been aggressively exploited by highly skilled attackers to hack into the accounts of members of civil society, primarily journalists.
This exploitable weakness comprised receiving a next-generation mercenary spyware product, “Graphite,” developed by Israeli company Paragon Solutions, without user interaction.
The weakness was enabled through a “logic issue” in how the Messages app handled a “maliciously crafted photo or video shared via an iCloud Link.” That simply receiving that content on an iPhone could be enough to compromise the device, even if the user didn’t click on the message or otherwise interact with it, making it hard for victims to know they were hacked.
The Citizen Lab, a research center focused on interdisciplinary studies, significantly contributed to the discovery of this exploitation. Their forensic work represented the first public evidence of the Graphite spyware Paragon has managed to get into Apple devices.
The probe discovered that it had atleast two European journalists — Italian journo Ciro Pellegrino and another yet unnamed influential European journalist — on its hit list. Both were informed by Apple in April 2025 that they may be targets of state-sponsored attacks.
Graphite : Paragon-developed surveillance tool.. which can access messages, emails, camera feeds, microphones, and users location. The journalists received the same exploit using the iMessage account, codenamed “ATTACKER1,” which according to the researchers was a single operator or client of Paragon behind the attacks.
Apple patched the flaw quickly with more rigorous checks in iOS 18.3.1 and and associated releases, which went out on February 10, 2025. The incident highlights the continuing threat of mercenary spyware to civil liberties and press freedom around the world and the race among tech companies to plug digital security holes that can be exploited by surveillance vendors.
The issue has also raised controversy in Italy, where the government’s employment of Paragon to spy on citizens has been the subject of debate.
