PT-2025-25364 · Apple · iMessage
Published: 2025-02-10 · Updated: 2026-02-12 · CVE-2025-43200
CVSS v3.1: 4.2 (Medium)
Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Apple watchOS versions 11.3.1 and later
Apple macOS Ventura versions 13.7.4 and later
Apple iOS versions 15.8.4 and later
Apple iPadOS versions 15.8.4 and later
Apple iOS versions 16.7.11 and later
Apple iPadOS versions 16.7.11 and later
Apple iPadOS versions 17.7.5 and later
Apple visionOS versions 2.3.1 and later
Apple macOS Sequoia versions 15.3.1 and later
Apple iOS versions 18.3.1 and later
Apple iPadOS versions 18.3.1 and later
Apple macOS Sonoma versions 14.7.4 and later
Description
A logic issue exists in the processing of maliciously crafted photos or videos shared via an iCloud Link. This flaw allows for zero-click exploitation, meaning no user interaction is required for successful compromise. The vulnerability has been exploited to deploy Paragon’s Graphite spyware, potentially allowing attackers to gain full access to a device, including messages, emails, camera, microphone, and location data. Reports indicate that specific targeted individuals, including journalists, have been affected. The vulnerability was addressed with improved checks.
Recommendations
Apple watchOS versions prior to 11.3.1 should be updated.
Apple macOS Ventura versions prior to 13.7.4 should be updated.
Apple iOS versions prior to 15.8.4 should be updated.
Apple iPadOS versions prior to 15.8.4 should be updated.
Apple iOS versions prior to 16.7.11 should be updated.
Apple iPadOS versions prior to 16.7.11 should be updated.
Apple iPadOS versions prior to 17.7.5 should be updated.
Apple visionOS versions prior to 2.3.1 should be updated.
Apple macOS Sequoia versions prior to 15.3.1 should be updated.
Apple iOS versions prior to 18.3.1 should be updated.
Apple iPadOS versions prior to 18.3.1 should be updated.
Apple macOS Sonoma versions prior to 14.7.4 should be updated.
Fix
RCE
Affected Products
Apple macOS
iMessage
iOS