Pierluigi Paganini@securityaffairs.com
//
Apple has released details about a zero-day vulnerability, CVE-2025-43200, that was exploited by Paragon's Graphite spyware to hack at least two journalists' iPhones in Europe. The vulnerability was a zero-click flaw in iMessage, allowing attackers to compromise devices without any user interaction. Apple had quietly patched the flaw in iOS 18.3.1, which was released on February 10, but the details of the vulnerability were not publicized until recently.
The security advisory was updated four months after the initial iOS release to include the zero-day flaw, described as a logic issue when processing a maliciously crafted photo or video shared via an iCloud Link. Apple stated that they were aware of a report that this issue was exploited in an "extremely sophisticated attack against specific targeted individuals." Citizen Lab confirmed that this was the flaw used against Italian journalist Ciro Pellegrino and an unnamed "prominent" European journalist.
Citizen Lab also confirmed that Paragon's Graphite spyware was used to hack the journalists' iPhones. This incident is part of a growing trend of mercenary spyware operators exploiting iOS through silent attack chains. The now-confirmed infections call into question a report by Italian lawmakers, which didn't mention one of the hacked journalists. It remains unclear why Apple did not disclose the existence of the patched flaw until four months after the release of the iOS update, and an Apple spokesperson did not respond to a request for comment seeking clarity.
Recommended read:
References :
- infosec.exchange: NEW: Four months after releasing iOS 18.3.1, Apple has published details about a zero-day that it fixed at the time, but did not publicize.
- Zack Whittaker: Citizen Lab have confirmed two journalists had their phones hacked with Paragon's Graphite spyware, likely by the same customer.
- securityaffairs.com: Security researchers at Citizen Lab revealed that Paragon’s Graphite spyware can hack fully updated iPhones via zero-click attacks.
- techcrunch.com: Apple fixes new iPhone zero-day bug used in Paragon spyware hacks
- The Citizen Lab: Graphite Caught: First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted - The Citizen Lab
- infosec.exchange: Researchers found forensic evidence of Paragon's spyware on the iPhones of two journalists. One is Ciro Pellegrino, who works for Fanpage.
- Zack Whittaker: NEW: Apple has confirmed in a now-updated February security advisory that it fixed a zero-day bug used in an "extremely sophisticated attack."
- cyberinsider.com: New Zero-Click iMessage Exploit Infected iPhones with Paragon Spyware
- securityaffairs.com: Apple confirmed that Messages app flaw was actively exploited in the wild
- The Hacker News: Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware
- Help Net Security: iOS zero-click attacks used to deliver Graphite spyware (CVE-2025-43200)
- Risky.Biz: Risky Bulletin: Predator spyware alive despite US sanctions
- Threats | CyberScoop: Predator spyware activity surfaces in new places with new tricks
- Risky Business Media: Predator spyware alive despite US sanctions
- www.scworld.com: New Predator spyware activity identified
- cyberscoop.com: The spyware’s developer, Intellexa, has been under pressure due to sanctions and public disclosure, but Recorded Future uncovered fresh activity.
- thecyberexpress.com: Apple Patches Flaw Exploited in Zero-click Paragon Spyware Attacks
- www.metacurity.com: Customers keep buying Predator spyware despite US sanctions
- Schneier on Security: Paragon Spyware Used to Spy on European Journalists
- citizenlab.ca: First forensic confirmation of Paragon's iOS mercenary spyware finds journalists targeted
- thecyberexpress.com: Apple Patches Flaw Exploited in Zero-click Paragon Spyware Attacks
@felloai.com
//
A new study by Apple researchers casts a shadow on the capabilities of cutting-edge artificial intelligence models, suggesting that their reasoning abilities may be fundamentally limited. The study, titled "The Illusion of Thinking: Understanding the Strengths and Limitations of Reasoning Models via the Lens of Problem Complexity," reveals that large reasoning models (LRMs) experience a 'complete accuracy collapse' when faced with complex problems. This challenges the widespread optimism surrounding the industry's race towards achieving artificial general intelligence (AGI), the theoretical point at which AI can match human cognitive capabilities. The findings raise questions about the reliability and practicality of relying on AI systems for critical decision-making processes.
Apple's study involved testing LRMs, including models from OpenAI, DeepSeek, and Google, using controlled puzzle environments to assess their problem-solving skills. These puzzles, such as Tower of Hanoi and River Crossing, were designed to evaluate planning, problem-solving, and compositional reasoning. The study found that while these models show improved performance on reasoning benchmarks for low-complexity tasks, their reasoning skills fall apart when tasks exceed a critical threshold. Researchers observed that as LRMs approached performance collapse, they began reducing their reasoning effort, a finding that Apple researchers found "particularly concerning."
The implications of this research are significant for the future of AI development and integration. Gary Marcus, a prominent voice of caution on AI capabilities, described the Apple paper as "pretty devastating" and stated that it raises serious questions about the path towards AGI. This research also arrives amid increasing scrutiny surrounding Apple's AI development, with some alleging the company is lagging behind competitors. Nevertheless, Apple is betting on developers to address these shortcomings, opening up its local AI engine to third-party app developers via the Foundation Models framework to encourage the building of AI applications and address limitations.
Recommended read:
References :
- www.theguardian.com: Apple researchers have found “fundamental limitations� in cutting-edge artificial intelligence models, in a paper raising doubts about the technology industry’s race to reach a stage of AI at which it matches human intelligence.
- felloai.com: In a breakthrough paper, Apple researchers reveal the uncomfortable truth about large reasoning models (LRMs): their internal “thought processes†might be nothing more than performative illusions.
- www.computerworld.com: Filling the void in the few hours before WWDC begins, Apple’s machine learning team raced out of the gate with a research paper, arguing that while the intelligence is artificial, it’s only superficially smart.
- www.livescience.com: A new study by Apple has ignited controversy in the AI field by showing how reasoning models undergo 'complete accuracy collapse' when overloaded with complex problems.
CyberNewswire@hackread.com
//
SquareX has released new threat research highlighting a sophisticated Fullscreen Browser-in-the-Middle (BitM) attack that targets Apple Safari users. This attack exploits a flaw in the browser's Fullscreen API, allowing attackers to create a convincing fullscreen window that mimics a legitimate login page. By using a remote browser, victims are tricked into interacting with an attacker-controlled browser via a pop-up window, divulging credentials and other sensitive information, thinking they are using a regular browser window. Mandiant has highlighted the increasing use of BitM attacks to steal credentials and gain unauthorized access to enterprise SaaS apps.
The Safari-specific implementation flaw uses the Fullscreen API to create a BitM window in fullscreen mode, concealing the suspicious URL from the parent window. Safari users are particularly vulnerable due to the lack of clear visual indicators when entering fullscreen mode, making it difficult to distinguish between a legitimate page and a fake one. Attackers can easily embed a fake login button within the pop-up window that triggers the Fullscreen API upon being clicked. The current Fullscreen API requires user interaction to trigger fullscreen mode, but it does not specify the type of interaction required.
SquareX disclosed this vulnerability to Apple, but they were informed that there is no plan to address the issue. According to SquareX researchers, the Fullscreen BitM attack highlights architectural and design flaws in browser APIs, specifically the Fullscreen API. They emphasized that users could unknowingly click on a fake button and trigger a fullscreen BitM window, especially in Safari, where the lack of clear fullscreen mode cues allows threat actors to steal user credentials stealthily. This exploit renders existing security solutions obsolete when it comes to detecting this type of BitM attack.
Recommended read:
References :
- hackernoon.com: Fullscreen BitM Attack Discovered By SquareX Exploits Browser Fullscreen APIs To Steal Credentials
- cyberinsider.com: Apple Safari Users Vulnerable to Stealthy Browser Attacks
- BleepingComputer: Apple Safari exposes users to fullscreen browser-in-the-middle attacks
- CyberInsider: Apple Safari Users Vulnerable to Stealthy Browser Attacks
- Daily CyberSecurity: Fullscreen BitM Attack Discovered by SquareX Exploits Browser Fullscreen APIs to Steal Credentials in Safari
- hackread.com: Fullscreen BitM Attack Discovered by SquareX Exploits Browser Fullscreen APIs to Steal Credentials in Safari
- www.scworld.com: Apple's Safari web browser was discovered to have a Fullscreen API security issue, which could be abused to enable fullscreen browser-in-the-middle intrusions concealing the address bar of the parent window, reports BleepingComputer.
@The DefendOps Diaries
//
Millions of Apple AirPlay-enabled devices are at risk due to the discovery of 23 critical vulnerabilities, collectively named "AirBorne." These vulnerabilities, found in Apple's AirPlay protocol and Software Development Kit (SDK), could allow attackers on the same Wi-Fi network to remotely execute code on vulnerable devices. This poses a significant threat, particularly to third-party devices that incorporate AirPlay, such as smart TVs, speakers, and CarPlay systems.
The vulnerabilities stem from flaws in Apple's implementation of the AirPlay protocol and SDK, which is used for streaming media between devices. A successful exploit could lead to zero-click or one-click remote code execution, bypassing access controls, and conducting man-in-the-middle attacks. This could enable attackers to take over devices, access sensitive files, and potentially steal data.
Apple has released patches to address the AirBorne vulnerabilities in its own products, including iPhones, iPads, MacBooks, Apple TVs, and the Vision Pro headset, however devices that use the software from third parties are still at risk. However, the potential for unpatched third-party devices to remain vulnerable for years is a major concern. Cybersecurity experts estimate that tens of millions of devices could be affected, highlighting the far-reaching impact of these newly discovered flaws.
Recommended read:
References :
- CyberInsider: ‘AirBorne’ Flaws Expose Apple Devices to Zero-Click RCE Attacks
- WIRED: Millions of Apple Airplay-Enabled Devices Can Be Hacked via Wi-Fi
- BleepingComputer: Apple 'AirBorne' flaws can lead to zero-click AirPlay RCE attacks
- www.bleepingcomputer.com: Apple 'AirBorne' flaws can lead to zero-click AirPlay RCE attacks
- cyberinsider.com: ‘AirBorne’ Flaws Expose Apple Devices to Zero-Click RCE Attacks
- bsky.app: Oligo security researchers have disclosed over two dozen vulnerabilities in the Apple AirPlay protocol and SDK. Collectively named AirBorne, the vulnerabilities can allow attackers on the same network to run malicious code on any Apple device that supports AirPlay.
- BleepingComputer: A set of security vulnerabilities in Apple's AirPlay Protocol and AirPlay Software Development Kit (SDK) exposed unpatched third-party and Apple devices to various attacks, including remote code execution.
- securityonline.info: AirBorne Exploits: Zero-Click Wormable RCE Hits Apple & IoT Devices
- The DefendOps Diaries: Explore AirBorne vulnerabilities in Apple's AirPlay, posing zero-click RCE threats to devices, and learn about mitigation measures.
- securityaffairs.com: AirBorne flaws can lead to fully hijack Apple devices
- securityonline.info: AirBorne Exploits: Zero-Click Wormable RCE Hits Apple & IoT Devices
- BleepingComputer: Mastodon mentions Flaws Expose Apple Devices to Zero-Click RCE Attacks
- www.oligo.security: Oligo Security blog post on AirBorne vulnerability.
- www.techradar.com: Millions of Apple AirPlay devices susceptible to 'AirBorne' zero-click RCE attacks, so patch now
- PCMag UK security: 'AirBorne' Flaw Exposes AirPlay Devices to Hacking: How to Protect Yourself
- Help Net Security: Vulnerabilities in Apple’s AirPlay Protocol, AirPlay Software Development Kits (SDKs), and the CarPlay Communication Plug-in could allow attackers to compromise AirPlay-enabled devices developed and sold by Apple and by other companies.
- Blog: New Apple zero-days go ‘AirBorne’
- bsky.app: Apple 'AirBorne' flaws can lead to zero-click AirPlay RCE attacks
- www.helpnetsecurity.com: Airplay-enabled devices open to attack via “AirBorne†vulnerabilities
- Blog: How to find Apple AirPlay devices on your network
- Risky.Biz: In other news: Marks & Spencer sends staff home after ransomware attack; China accuses US of hacking cryptography provider; AirBorne vulnerabilities impact Apple's AirPlay.
- Risky Business Media: The French government calls out Russian hacks for the first time, Marks & Spencer sends staff home after a ransomware attack, China accuses America of hacking a major cryptography provider, and AirBorne vulnerabilities impact Apple’s AirPlay.
- Risky Business Media: Risky Business #789 -- Apple's AirPlay vulns are surprisingly awful
- The Record: Millions of Apple Airplay-enabled devices can be hacked via Wi-Fi
- securityaffairs.com: Vulnerabilities in Apple’s AirPlay protocol and SDK exposed Apple and third-party devices to attacks, including remote code execution. Oligo Security found serious flaws, collectively tracked as AirBorne, in Apple’s AirPlay protocol and SDK, affecting Apple and third-party devices. Attackers can exploit the vulnerabilities to perform zero-/one-click RCE, bypass ACLs, read local files, steal data, and […]
- arstechnica.com: Millions of Apple AirPlay-Enabled Devices Can Be Hacked via Wi-Fi
- www.scworld.com: Researchers reveal a collection of bugs known as AirBorne that would allow any hacker on the same Wi-Fi network as a third-party AirPlay-enabled device to surreptitiously run their own code on it.
- securityaffairs.com: Vulnerabilities in Apple’s AirPlay protocol and SDK exposed Apple and third-party devices to attacks, including remote code execution. Oligo Security found serious flaws, collectively tracked as AirBorne, in Apple’s AirPlay protocol and SDK, affecting Apple and third-party devices. Attackers can exploit the vulnerabilities to perform zero-/one-click RCE, bypass ACLs, read local files, steal data, and […]
- www.pcmag.com: Apple rolled out a fix with iOS 18.4, but third-party AirPlay-compatible devices remain exposed. Researchers at cybersecurity firm Oligo have found major vulnerabilities in Apple's AirPlay protocol that allow hackers to breach compatible devices on the same Wi-Fi network.
- Malwarebytes: Apple AirPlay SDK devices at risk of takeover—make sure you update
- hackread.com: Billions of Apple Devices at Risk from “AirBorne†AirPlay Vulnerabilities
- PhoneArena - Articles: Millions of AirPlay-enabled devices are at risk of being attacked by "AirBorne" security threat
- The Hacker News: Wormable AirPlay Flaws Enable Zero-Click RCE on Apple Devices via Public Wi-Fi
|
|
FlagThis - #apple