Comment by 9935c101ab17a66

1 day ago

I don't have a full answer for you, but I found some more info in the CitizenLab report [^1] about the incidents.

(Small aside, but CitizenLab is excellent and such a valuable resource)

CitizenLab states the zero-click iMessage attack (CVE-2025-43200) used as one of the vectors was fixed by Apple in iOS 18.3.1.

Apple has an "About the security content of iOS 18.3.1 and iPadOS 18.3.1" [^2] page, and it contains the following:

---

Messages

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

Description: This issue was addressed with improved checks.

CVE-2025-43200: Apple

---

[^1]: https://citizenlab.ca/2025/06/first-forensic-confirmation-of...

[^2]: https://support.apple.com/en-us/122174