Apple says it patched flaw that allows Paragon spyware to hack phones - but are you really safe?
Around 100 infections are tied to the zero-day

- Apple has patched a worrying security flaw exploited by threat actors
- The flaw was exploited in the notorious Paragon spyware campaign
- The campaign targeted journalists and high-profile individuals
Apple has updated iOS to patch a serious security flaw that was exploited by threat actors to target journalists and prominent members of civil society.
The Paragon spyware campaign was discovered after a zero-click attack used a malicious PDF file to infect Italian journalists with software from Israeli spyware firm Paragon.
“A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link,” Apple confirmed in its iOS 18.3.1 update. “Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”
CVE-2025-43200
The patch details have only just been released, despite iOS version 18.3.1 being released in February 2025. Analysis from Citizen Lab confirms that the first journalist’s device was compromised with Paragon’s Graphite spyware while the victim was running iOS 18.12.1.
Once installed on a device, the surveillance tool could allegedly access messages, cameras, emails, location data, and microphones without any user action or detection, making protection against the software particularly difficult.
“Apple’s security architecture remains among the strongest in the industry,” argues Adam Boynton, Senior Security Strategy Manager EMEIA at Jamf.
“Their rapid response with iOS 18.3.1 and continued enhancements like Lockdown Mode demonstrate their commitment to protecting users. However, as threat actors become stealthier and more targeted, there is a growing need for additional visibility and forensic capabilities to support enterprise security and high-risk individuals.”
Boynton recommends keeping devices up to date, enabling Lockdown Mode on iOS devices, and enabling purpose-built security tools like malware removal software if you believe you’re at risk.
“What makes Graphite especially dangerous is its ability to operate covertly in memory, often leaving minimal artefacts on disk. It is capable of creating system-level impersonations—for example, registering hidden iMessage accounts or spoofing security features—to conceal its presence from both the user and standard detection tools. These tactics make traditional mobile security models insufficient on their own.”

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.