Apple has issued warnings throughout 2025 after identifying four separate spyware campaigns targeting its users, primarily high-profile individuals. The French National Computer Emergency Response Team (CERT-FR) confirmed that these campaigns leveraged advanced spyware tools such as Pegasus, Predator, Graphite, and Triangulation. These surveillance efforts exploited zero-day and zero-click vulnerabilities—software flaws that require little to no user interaction to compromise a device—making them especially difficult to detect or prevent.
According to CERT-FR, the attacks were designed to target individuals of interest to nation-states or government entities. Those affected included journalists, lawyers, activists, politicians, high-ranking civil servants, and key personnel within critical industries. The sophisticated nature of the exploited spyware allowed attackers to compromise targeted devices without alerting users to abnormal activity.
Apple issued four waves of direct notifications in 2025, specifically on March 5, April 29, June 25, and September 3. Compromised users were notified via both their devices and their iCloud accounts. Apple’s notifications were provided only to accounts believed to be already compromised. Based on the advisory, there can be a delay of several months between the time of a successful attempt and receipt of a notification.
The company responded to these threats by releasing security patches for at least seven critical zero-day vulnerabilities, including the following:
CVE-2025-24085 (use-after-free bug)
CVE-2025-24200 and CVE-2025-24201 (privilege escalation)
CVE-2025-31200 (memory corruption)
CVE-2025-31201 (local privilege escalation)
CVE-2025-43200 (logic flaw)
CVE-2025-4330 (ImageIO flaw)
One of the spyware platforms cited, Pegasus, is developed by the Israeli company NGO Group, which was blacklisted by the United States in 2021 due to concerns over national security and foreign policy.
Users are strongly advised to ensure their Apple devices are updated with the latest security patches and to be vigilant regarding any official notifications from Apple alerting them to possible compromise.
