A zero-day vulnerability in Apple iOS and iPadOS, tracked as CVE-2025-43200, has been actively exploited in the wild to deliver the Graphite spyware. This medium-severity flaw, with a CVSS score of 4.2, was added to the Known Exploited Vulnerabilities (KEV) catalog on June 16, 2025, highlighting its significance despite its moderate severity rating.
The vulnerability, which affects multiple Apple products including iOS, iPadOS, and macOS, was exploited before its public disclosure, marking it as a zero-day with a Time to Exploit (TTE) of -0.9 days. Attackers leveraged this flaw in zero-click attacks, a sophisticated method that requires no user interaction, to install spyware on targeted devices. The Graphite spyware, delivered through these attacks, is capable of extracting sensitive information from compromised devices, posing a significant threat to user privacy.
Apple has addressed this logic issue with improved checks in several software updates. The fixes are available in iOS 15.8.4, iPadOS 15.8.4, iOS 16.7.11, iPadOS 16.7.11, iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, visionOS 2.3.1, and watchOS 11.3.1. Users are strongly advised to update their devices to these versions to mitigate the risk of exploitation.
Given the active exploitation of this vulnerability, security teams should prioritize patching affected systems and monitor for any signs of compromise. The low Exploit Prediction Scoring System (EPSS) score of 0.009 suggests a limited likelihood of widespread exploitation, but the targeted nature of the attacks necessitates vigilance among potential high-value targets.
CSURFACE