Apple Patches Actively Exploited Messages App Vulnerability Linked to Spyware Attacks
Apple has disclosed a critical security flaw in its Messages app that was actively exploited in targeted cyberattacks against journalists

CYBER SYRUP
Delivering the sweetest insights on cybersecurity.

Apple has disclosed a critical security flaw in its Messages app that was actively exploited in targeted cyberattacks against journalists. The vulnerability, tracked as CVE-2025-43200, was addressed in security updates released on February 10, 2025, impacting iOS, iPadOS, macOS, watchOS, and visionOS platforms.
Details of the Vulnerability
According to Apple, the issue stemmed from a logic flaw in how the Messages app processed maliciously crafted photos or videos shared via iCloud Links. This could allow attackers to remotely exploit the device without any user interaction—a method known as a zero-click attack.
The flaw has been patched with improved input validation in updates including:
- iOS/iPadOS 18.3.1, 17.7.5
- macOS Sequoia 15.3.1, Sonoma 14.7.4, Ventura 13.7.4
- watchOS 11.3.1
- visionOS 2.3.1
Apple acknowledged that the vulnerability was likely used in sophisticated, targeted spyware attacks against members of civil society.
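The fixed releases listed above can be checked against a device inventory. The script below is an added example, not code from Apple or from the original article; the inventory rows, hostnames, and function names are constructed for illustration, and treating major releases newer than those listed as already fixed is an assumption.

```python
"""Flag devices below the CVE-2025-43200 fixed releases named in the article."""
import csv
import io

# Fixed releases exactly as listed in the article, one per supported major line.
PATCHED = {
    "iOS": ["17.7.5", "18.3.1"],
    "iPadOS": ["17.7.5", "18.3.1"],
    "macOS": ["13.7.4", "14.7.4", "15.3.1"],
    "watchOS": ["11.3.1"],
    "visionOS": ["2.3.1"],
}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """host,platform,version
press-iphone-01,iOS,18.3
press-iphone-02,iOS,18.3.1
editor-ipad-01,iPadOS,17.7.4
desk-mac-01,macOS,14.7.4
desk-mac-02,macOS,12.7.6
field-watch-01,watchOS,11.3.1
"""

def parse_version(text):
    """'18.3.1' -> (18, 3, 1); tuples compare component by component."""
    return tuple(int(part) for part in text.strip().split("."))

def patch_status(platform, version):
    fixes = PATCHED.get(platform)
    if fixes is None:
        return "unknown-platform"
    have = parse_version(version)
    # Compare only against the fix for the device's own major line, so an
    # iOS 17 device is judged against 17.7.5 rather than 18.3.1.
    fix_by_major = {parse_version(f)[0]: parse_version(f) for f in fixes}
    fix = fix_by_major.get(have[0])
    if fix is not None:
        return "patched" if have >= fix else "vulnerable"
    if have[0] > max(fix_by_major):
        return "patched"  # assumption: later major lines carry the fix
    return "no-fix-listed"  # older line with no fixed release in the article

def audit(inventory_csv):
    """Return (host, status) for every device that is not confirmed patched."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    findings = [(r["host"], patch_status(r["platform"], r["version"])) for r in rows]
    return [f for f in findings if f[1] != "patched"]

if __name__ == "__main__":
    for host, state in audit(SAMPLE_INVENTORY):
        print(f"{host}: {state}")
```

Devices reported as no-fix-listed run a major line for which the article names no fixed release, so they need a major upgrade rather than a point update.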
Citizen Lab Investigation
The University of Toronto’s Citizen Lab revealed that the CVE-2025-43200 flaw was used to infect two European journalists with Graphite, a powerful spyware tool developed by Israeli firm Paragon. The journalists were targeted via iMessage using the same Apple account, suggesting a coordinated campaign.
Citizen Lab researchers characterized the attack as zero-click, meaning the journalists' devices were infected without any interaction or awareness. One of the targets, Italian journalist Ciro Pellegrino, was notified by Apple on April 29, 2025, of the compromise.
How Graphite Works
Graphite spyware can:
- Access emails, messages, location data
- Activate the microphone and camera
- Operate undetected with full device control
Deployed by government entities under the guise of national security, Graphite logs all activity to servers controlled by the end-user (government agencies), not the vendor. This setup complicates accountability, particularly in cases of misuse.
Political and Legal Ramifications
The case has stirred controversy in Italy, where the government terminated its contract with Paragon after refusing to allow independent verification of surveillance claims. Italy's COPASIR oversight committee admitted using Graphite for national security investigations, but claimed the journalist in question was not a target.
This situation raises urgent questions about transparency, oversight, and legal limits around spyware use. The European Union has already called for stricter regulations on commercial spyware, and this incident may accelerate legislative action.
Apple's Threat Notifications
Apple's alert system aims to notify users of suspected state-sponsored attacks. While receiving such a notification doesn’t confirm infection, it signals suspicious activity consistent with targeted surveillance.
Takeaway
This case underscores the growing threat of spyware, especially to journalists and civil society actors. As commercial surveillance tools become more advanced and accessible, strong governance and international oversight are essential to protect privacy, human rights, and press freedom in the digital age.