Apple issues customer warning after four spyware campaigns discovered targeting devices

News
By published

Between March and September, Apple users were repeatedly targeted

New Siri features infused with Apple Intelligence being demonstrated at Apple's Worldwide Developers Conference (WWDC) in June 2024.
(Image credit: Apple)
  • Apple issued four waves of alerts in 2025 warning users of spyware attacks targeting high-profile individuals
  • CERT-FR confirmed the use of advanced tools like Pegasus and Predator, exploiting zero-day and zero-click flaws
  • Apple notified compromised users via device and iCloud, while patching at least seven critical vulnerabilities

From early March 2025 Apple has, on four separate occasions, alerted its users about an ongoing spyware attack.

The attacks are sophisticated and dangerous, often targeting individuals of specific interests to different nation-states and governments.

This is according to the French National Computer Emergency Response Team (CERT-FR). In a new security advisory, the agency said threat actors are using advanced spyware, such as Pegasus, Predator, Graphite, or Triangulation, which is “particularly sophisticated and difficult to detect”.

Four waves of notifications

To deploy the spyware, the attackers would often abuse zero-day vulnerabilities, or even zero-click flaws (bugs that require no interaction from the victim whatsoever which are, as such, extremely dangerous).

The targets are high-profile individuals: journalists, lawyers, activists, politicians, senior civil servants, members of management committees of strategic sectors, and similar.

Apple has been notifying the targets directly on their devices, as well as through a notification in their iCloud account. CERT-FR also said that Apple’s only been notifying accounts that were most likely already compromised: “Receiving a notification means that at least one of the devices linked to the iCloud account has been targeted and would potentially be compromised,” the announcement reads.

“The time between the attempted compromise and the receipt of the notification is several months but remains variable.”

The four waves of alerts happened on March 5, April 29, June 25, and September 3.

CERT-FR did not discuss which flaws the threat actors were targeting, but we do know that Apple patched at least seven zero-day flaws this year:

  • CVE-2025-24085 (use-after-free bug)
  • CVE-2025-24200 (privilege escalation)
  • CVE-2025-24201 (privilege escalation)
  • CVE-2025-31200 (memory corruption)
  • CVE-2025-31201 (local privilege escalation)
  • CVE-2025-43200 (logic flaw)
  • CVE-2025-4330 (ImageIO flaw)

One of the spyware mentioned in the report is Pegasus, designed by an Israeli cybersecurity company called NGO Group. It was blacklisted by the US in early November 2021 for actions contrary to US national security and foreign policy interests.

Via BleepingComputer

You might also like

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.