Apple Zero-Click iMessage Exploit: CVE-2025-43200 Used to Deploy Paragon Graphite Spyware

Discover how the CVE-2025-43200 zero-click vulnerability in Apple's Messages app was exploited to deploy Paragon's Graphite spyware, targeting journalists worldwide.

Apple Zero-Click iMessage Exploit: CVE-2025-43200 Used to Deploy Paragon Graphite Spyware

🛡️ Overview of the CVE-2025-43200 Zero-Click Exploit

In early 2025, Apple addressed a critical zero-day vulnerability, CVE-2025-43200, within its Messages app. This flaw allowed attackers to execute a zero-click exploit, enabling the deployment of Paragon's Graphite spyware without any user interaction. The exploit was delivered via a maliciously crafted photo or video shared through an iCloud Link, exploiting a logic issue in the processing mechanism.

🕵️‍♂️ Targeted Surveillance of Journalists

Investigations by Citizen Lab revealed that this vulnerability was actively exploited to target members of civil society, including journalists. Notably, Italian journalist Ciro Pellegrino and an unnamed European journalist were infected with the Graphite spyware in early 2025. The spyware was deployed through iMessages sent from a single Apple account, codenamed "ATTACKER1", indicating a coordinated attack by a specific Paragon customer.

🧬 Understanding Paragon's Graphite Spyware

Graphite is a sophisticated surveillance tool developed by the Israeli firm Paragon. Once installed, it can access a wide range of data on the infected device, including:

  • Messages and emails
  • Camera and microphone
  • Location data
  • Other sensitive information

The spyware operates stealthily, making detection and prevention particularly challenging. It's typically deployed by government clients under the guise of national security investigations.

🔧 How to Check for Spyware on Your iPhone

If you suspect your device may have been targeted:

  1. Update Your Device: Ensure your iPhone is running the latest iOS version. Apple patched CVE-2025-43200 in iOS 18.3.1.
  2. Check for Threat Notifications: Apple sends notifications to users who may have been targeted by state-sponsored attacks. Monitor your device for any such alerts.
  3. Use Security Tools: Employ reputable mobile security applications to scan for potential spyware.
  4. Consult Professionals: If you believe your device is compromised, seek assistance from cybersecurity experts.

🔍 Vulnerability CVE-2025-43200

  • Vulnerability: Logic issue in processing iCloud Links within the Messages app.
  • Impact: Allows for zero-click exploitation, leading to unauthorized deployment of spyware.
  • Affected Versions: Devices running iOS versions prior to 18.3.1.
  • Patch Release: Apple addressed the issue on February 10, 2025, through updates to iOS, iPadOS, macOS, watchOS, and visionOS .

Stay ahead of potential threats by monitoring suspicious activities on your applications. Utilize RequestBin to inspect and debug HTTP requests, ensuring your endpoints are secure against unauthorized access.