CISA Warns of iOS 0-Click Vulnerability Exploited in the Wild
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
CISA has added a critical iOS zero-click vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw has been actively exploited by sophisticated mercenary spyware in targeted attacks against journalists.
The vulnerability, tracked as CVE-2025-43200, affects multiple Apple products, including iOS, iPadOS, macOS, watchOS, and visionOS, allowing attackers to compromise devices without any user interaction through maliciously crafted photos or videos shared via iCloud Links.
Zero-Click Exploit Targets Apple Devices via iCloud Links
The vulnerability represents a significant security concern as it enables zero-click attacks, where no user interaction is required for successful device compromise.
CVE-2025-43200 specifically targets Apple’s media processing functionality when handling content shared through iCloud Links, creating an attack vector that bypasses traditional user awareness and security measures.
CISA added this vulnerability to the KEV catalog on June 16, 2025, establishing a remediation deadline of July 7, 2025, for federal agencies and recommending immediate action for all organizations.
The technical nature of this exploit makes it particularly dangerous, as victims have no indication of compromise during the attack process.
Unlike traditional malware that requires user clicks or downloads, this zero-click vulnerability automatically executes when the target device processes the malicious media content.
The attack methodology demonstrates the sophisticated capabilities of modern mercenary spyware operations that can bypass Apple’s robust security architecture.
Citizen Lab researchers have confirmed that the Graphite spyware, developed by Paragon Solutions, exploited CVE-2025-43200 to target at least three European journalists through iMessage delivery mechanisms.
Forensic analysis revealed that an attacker account, designated as “ATTACKER1” by researchers, systematically deployed the zero-click exploit against multiple targets using Apple’s messaging platform as the primary attack vector.
The confirmed targets include Italian journalist Ciro Pellegrino, head of the Naples newsroom at Fanpage.it, and Francesco Cancellato, another journalist from the same organization.
Both journalists received Apple security notifications on April 29, 2025, alerting them to potential advanced spyware compromises.
Subsequent forensic examination confirmed the presence of Graphite spyware artifacts on their devices, indicating successful compromise and potential data exfiltration.
Technical analysis of the compromised devices revealed connections to infrastructure associated with IP address 46.183.184.91, hosted on VPS provider EDIS Global.
This server maintained characteristics matching Citizen Lab’s “Fingerprint P1” identifier until at least April 12, 2025, providing researchers with crucial attribution evidence linking the attacks to Paragon’s spyware operations.
Risk Factors Details Affected ProductsiOS, iPadOS, macOS, watchOS, visionOSImpactArbitrary code executionExploit PrerequisitesUnpatched Apple devices (iOS
#Cyber_Security #Cyber_Security_News #iOS #Vulnerability #Zero-Click #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
CISA Warns of iOS 0-Click Vulnerability Exploited in the Wild
Author: Guru BaranCISA has added a critical iOS zero-click vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, warning that the flaw has been actively exploited by sophisticated mercenary spyware in targeted attacks against journalists.
The vulnerability, tracked as CVE-2025-43200, affects multiple Apple products, including iOS, iPadOS, macOS, watchOS, and visionOS, allowing attackers to compromise devices without any user interaction through maliciously crafted photos or videos shared via iCloud Links.
Zero-Click Exploit Targets Apple Devices via iCloud Links
The vulnerability represents a significant security concern as it enables zero-click attacks, where no user interaction is required for successful device compromise.
CVE-2025-43200 specifically targets Apple’s media processing functionality when handling content shared through iCloud Links, creating an attack vector that bypasses traditional user awareness and security measures.
CISA added this vulnerability to the KEV catalog on June 16, 2025, establishing a remediation deadline of July 7, 2025, for federal agencies and recommending immediate action for all organizations.
The technical nature of this exploit makes it particularly dangerous, as victims have no indication of compromise during the attack process.
Unlike traditional malware that requires user clicks or downloads, this zero-click vulnerability automatically executes when the target device processes the malicious media content.
The attack methodology demonstrates the sophisticated capabilities of modern mercenary spyware operations that can bypass Apple’s robust security architecture.
Citizen Lab researchers have confirmed that the Graphite spyware, developed by Paragon Solutions, exploited CVE-2025-43200 to target at least three European journalists through iMessage delivery mechanisms.
Forensic analysis revealed that an attacker account, designated as “ATTACKER1” by researchers, systematically deployed the zero-click exploit against multiple targets using Apple’s messaging platform as the primary attack vector.
The confirmed targets include Italian journalist Ciro Pellegrino, head of the Naples newsroom at Fanpage.it, and Francesco Cancellato, another journalist from the same organization.
Both journalists received Apple security notifications on April 29, 2025, alerting them to potential advanced spyware compromises.
Subsequent forensic examination confirmed the presence of Graphite spyware artifacts on their devices, indicating successful compromise and potential data exfiltration.
Technical analysis of the compromised devices revealed connections to infrastructure associated with IP address 46.183.184.91, hosted on VPS provider EDIS Global.
This server maintained characteristics matching Citizen Lab’s “Fingerprint P1” identifier until at least April 12, 2025, providing researchers with crucial attribution evidence linking the attacks to Paragon’s spyware operations.
Risk Factors Details Affected ProductsiOS, iPadOS, macOS, watchOS, visionOSImpactArbitrary code executionExploit PrerequisitesUnpatched Apple devices (iOS
#Cyber_Security #Cyber_Security_News #iOS #Vulnerability #Zero-Click #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте:
