Apple Messages Zero-Click Vulnerability Used to Target Journalists with Paragon Spyware

13.06.2025

Apple has confirmed the discovery and patching of a serious zero-click vulnerability (CVE-2025-43200) in its Messages app that was actively exploited in the wild. The flaw allowed attackers to compromise devices through maliciously crafted media files sent via iCloud Links, without requiring any interaction from the user. The issue was fixed in a February 10, 2025, security update across multiple platforms, including iOS, macOS, iPadOS, watchOS, and visionOS.

The Citizen Lab, an academic research group focused on cybersecurity and human rights, revealed that this exploit was used to target journalists, including Italian reporter Ciro Pellegrino and another high-profile European journalist. Their devices were infected with Paragon’s Graphite spyware in a stealthy operation that left no visible trace for the victims. The spyware was delivered through iMessages sent from a single Apple account, believed to be controlled by a Paragon customer.

Graphite is a highly invasive surveillance tool developed by Israeli firm Paragon, capable of extracting private data including messages, emails, camera access, and real-time location. It is typically used by government clients under the pretext of national security, making its detection and attribution extremely difficult. Apple began alerting victims of suspected state-sponsored spyware attacks in 2021 and notified the targeted journalists on April 29, 2025.

The spyware incident has reignited debate over the abuse of commercial surveillance technology in Europe. Although Italian intelligence services admitted using Graphite against a limited number of individuals with legal authorization, questions remain unanswered about how and why investigative journalists were targeted. Meanwhile, Paragon claims it terminated its contracts with Italy over transparency concerns, a decision the Italian government says was mutual.

The revelations highlight a growing crisis around digital surveillance, particularly against civil society actors. Researchers warn that the proliferation of spyware like Graphite and Predator—another tool with widespread use in Africa and beyond—underscores the urgent need for stronger legal oversight and export regulations. Without accountability, journalists and activists remain vulnerable to sophisticated cyber threats that operate in the shadows.