Vulnerability Management, Threat Intelligence
Zero-click attacks target journalists’ iPhones with Graphite spyware

BleepingComputer reports that at least two journalists in Europe, including Italian Ciro Pellegrino, had their iPhones subjected to zero-click attacks earlier this year that exploited a zero-day flaw, tracked as CVE-2025-43200, to deploy Paragon's Graphite spyware.
Malicious actors leveraged the 'ATTACKER1' account on iMessage to deliver specially crafted messages exploiting the flaw to spread the Graphite spyware without alerting targeted devices, according to Citizen Lab researchers. Infected devices were later discovered to be connected to a Paragon-linked virtual private server, which was active until April. Apple, which had already addressed the vulnerability as part of the iOS 18.3.1 update in early February, warned the journalists of the spyware compromise in late April. The development comes after Graphite spyware was reported to have been spread in zero-click intrusions involving a WhatsApp zero-day against Italian individuals. Authorities also reported other spyware attacks against Italians earlier this month.