Apple Spyware Notifications Sent to Targeted Users in 2025
Summary
Hide ▲
Show ▼
Apple has sent notifications to multiple users warning them of targeted spyware attacks. The notifications were issued in March, April, June, and September 2025. The spyware attacks are sophisticated and exploit zero-day vulnerabilities in Apple products. The notifications indicate that at least one device linked to the iCloud account was targeted and potentially compromised. The time between the compromise attempt and the receipt of the notification is variable, often several months. The spyware programs involved include Pegasus, Predator, Graphite, and Triangulation. The notifications coincide with the disclosure of zero-day vulnerabilities CVE-2025-43300 in August and CVE-2025-24201 in March. Apple's Memory Integrity Enforcement (MIE) was unveiled to enhance memory safety and defend against spyware attacks.
Timeline
-
12.09.2025 22:28 1 articles · 17d ago
Apple Sends Spyware Notifications to Users in 2025
Apple sent notifications to users on March 5, April 29, June 25, and September 3, 2025, warning them of targeted spyware attacks. The notifications coincide with the disclosure of zero-day vulnerabilities CVE-2025-43300 in August and CVE-2025-24201 in March. The spyware programs involved include Pegasus, Predator, Graphite, and Triangulation. The notifications indicate that at least one device linked to the iCloud account was targeted and potentially compromised. The time between the compromise attempt and the receipt of the notification is variable, often several months.
Show sources
- French Advisory Sheds Light on Apple Spyware Activity — www.darkreading.com — 12.09.2025 22:28
Information Snippets
-
Apple sent spyware notifications to users on March 5, April 29, June 25, and September 3, 2025.
First reported: 12.09.2025 22:281 source, 1 articleShow sources
- French Advisory Sheds Light on Apple Spyware Activity — www.darkreading.com — 12.09.2025 22:28
-
The notifications indicate that at least one device linked to the iCloud account was targeted and potentially compromised.
First reported: 12.09.2025 22:281 source, 1 articleShow sources
- French Advisory Sheds Light on Apple Spyware Activity — www.darkreading.com — 12.09.2025 22:28
-
The spyware programs involved include Pegasus, Predator, Graphite, and Triangulation.
First reported: 12.09.2025 22:281 source, 1 articleShow sources
- French Advisory Sheds Light on Apple Spyware Activity — www.darkreading.com — 12.09.2025 22:28
-
The notifications coincide with the disclosure of zero-day vulnerabilities CVE-2025-43300 in August and CVE-2025-24201 in March.
First reported: 12.09.2025 22:281 source, 1 articleShow sources
- French Advisory Sheds Light on Apple Spyware Activity — www.darkreading.com — 12.09.2025 22:28
-
The time between the compromise attempt and the receipt of the notification is variable, often several months.
First reported: 12.09.2025 22:281 source, 1 articleShow sources
- French Advisory Sheds Light on Apple Spyware Activity — www.darkreading.com — 12.09.2025 22:28
-
Apple's Memory Integrity Enforcement (MIE) was unveiled to enhance memory safety and defend against spyware attacks.
First reported: 12.09.2025 22:281 source, 1 articleShow sources
- French Advisory Sheds Light on Apple Spyware Activity — www.darkreading.com — 12.09.2025 22:28
Similar Happenings
Image I/O Framework Zero-Day Exploited in Targeted Attacks
The zero-day vulnerability CVE-2025-43300 in Apple's Image I/O framework was exploited in targeted attacks against specific individuals. The flaw, an out-of-bounds write issue, was used in combination with a WhatsApp zero-day flaw (CVE-2025-55177) in sophisticated attacks potentially involving nation-state actors or spyware activity. The vulnerability affects multiple iOS, iPadOS, and macOS versions, as well as various iPhone, iPad, and Mac models. Apple has backported fixes for CVE-2025-43300 to older versions, including iOS 16.7.12, iPadOS 16.7.12, iOS 15.8.5, and iPadOS 15.8.5. Users are advised to update promptly to mitigate potential ongoing attacks. The flaw was discovered by Apple security researchers and impacts both older and newer devices. This is the seventh zero-day exploited in the wild since the start of the year. The flaw was addressed with improved bounds checking. Apple has patched a total of seven zero-day vulnerabilities exploited in the wild since the start of the year. The vulnerability was exploited in targeted attacks against specific individuals. Affected devices include iPhone 6s (all models), iPhone 7 (all models), iPhone SE (1st generation), iPhone 8, iPhone 8 Plus, iPhone X, iPad Air 2, iPad mini (4th generation), iPad 5th generation, iPad Pro 9.7-inch, iPad Pro 12.9-inch 1st generation, iPod touch (7th generation), and Macs running macOS Sequoia, Sonoma, and Ventura. WhatsApp has also addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with the Apple flaw in targeted zero-day attacks. The WhatsApp vulnerability, CVE-2025-55177, is an insufficient authorization flaw in linked device synchronization messages. The flaw affects WhatsApp for iOS prior to version 2.25.21.73, WhatsApp Business for iOS version 2.25.21.78, and WhatsApp for Mac version 2.25.21.78. WhatsApp notified less than 200 users that they were targeted in an advanced spyware campaign over the last 90 days.