Apple has updated its list of security fixes that were introduced in iOS 18.3.1 to include a previously undisclosed fix for a zero-day vulnerability that affected the Messages app.
Messages
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
Impact: A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.
Description: This issue was addressed with improved checks.
CVE-2025-43200: Apple
Apple quietly acknowledged the fix after security researchers from The Citizen Lab shared details on the flaw, which had been used to target two European journalists. The Messages vulnerability was exploited with the “Graphite” mercenary spyware created by Paragon, which may have been used in targeted attacks against journalists and human rights activists across multiple platforms.
Apple confirmed to The Citizen Lab that it fixed the vulnerability back when iOS 18.3.1 was released in February.
