Full Report
The iPhone maker quietly updated a February security advisory to publicize a flaw that was used to hack at least two journalists in Europe.
Analysis Summary
# Vulnerability: Logic Bug in iCloud Link Processing Used for Targeted Spyware Attack
## CVE Details
- CVE ID: Not explicitly provided in the text. (It is a zero-day recently patched.)
- CVSS Score: Not explicitly provided. Estimated severity is **High** given the context of targeted zero-day spyware deployment.
- CWE: Logic Issue (Related to improper handling of crafted media files/links).
## Affected Systems
- Products: iPhone (iOS)
- Versions: iOS versions prior to 18.3.1.
- Configurations: Vulnerable when processing a maliciously crafted photo or video shared via an iCloud Link.
## Vulnerability Description
The vulnerability is described as a "logic issue" that exists when the system processes a maliciously crafted photo or video file shared through an iCloud Link. This flaw was reportedly exploited in an "extremely sophisticated attack" targeting specific individuals, leading to the deployment of Paragon mercenary spyware.
## Exploitation
- Status: **Exploited in the wild** (Confirmed use against specific targeted individuals, including journalists).
- Complexity: Implied to be **High**, as it was used in a sophisticated attack by a known spyware vendor (Paragon).
- Attack Vector: Likely **Network** (via delivery of the maliciously crafted iCloud Link content).
## Impact
- Confidentiality: **High** (Allows installation of advanced spyware such as Paragon's mercenary spyware).
- Integrity: **High** (Allows compromise and control over the device).
- Availability: **Medium/High** (Full device compromise).
## Remediation
### Patches
- **iOS 18.3.1** (Released February 10, 2025; the advisory was updated June 11, 2025, to confirm the fix).
### Workarounds
- No explicit workarounds were detailed beyond updating to the patched version. Users should avoid clicking suspicious iCloud Links until updated.
## Detection
- Detection information is not provided in the article, as the focus is on the patch release. Generally, forensic analysis of specialized spyware infections is required.
## References
- Vendor Advisory (Updated February 2025, supplemented June 2025): `support.apple.com/en-us/122174`
- Research Report: `citizenlab.ca/2025/06/first-forensic-confirmation-of-paragons-ios-mercenary-spyware-finds-journalists-targeted/`