Apple has issued repeated alerts this year warning of targeted spyware campaigns, with four separate waves of notifications sent between March and September 2025. According to France’s national cybersecurity agency CERT-FR, the attacks involved sophisticated tools such as Pegasus, Predator, Graphite, and Triangulation, all of which are capable of exploiting zero-day and zero-click vulnerabilities.
The campaigns focused on high-profile individuals, including journalists, lawyers, activists, politicians, senior government officials, and executives in sensitive industries. Zero-click exploits, which require no user interaction to compromise a device, are considered especially dangerous because victims may not even realize they have been targeted.
Apple said it notified affected users directly on their devices and through iCloud, but emphasized that alerts were sent only when it believed an account had already been compromised. CERT-FR noted that the time lag between an attempted attack and a notification can vary, sometimes stretching several months.
The four waves of alerts were sent on March 5, April 29, June 25, and September 3. While CERT-FR did not disclose which specific vulnerabilities were exploited, Apple confirmed it patched at least seven zero-days this year. These include flaws tied to memory corruption, privilege escalation, and logic errors, such as CVE-2025-24085, CVE-2025-24200, CVE-2025-31200, and CVE-2025-4330.
Pegasus, one of the spyware strains mentioned in the report, is developed by NSO Group, which has faced international scrutiny and was blacklisted by the United States in 2021. Other tools like Predator, developed by Cytrox, have also been linked to government surveillance operations worldwide.
The discovery underscores the ongoing challenge of defending high-value targets against mercenary spyware vendors. While Apple has continued to strengthen security in its devices—most recently with Memory Integrity Enforcement in the iPhone 17—it remains an ongoing arms race between attackers and defenders.
For individuals who receive such a notification, experts recommend assuming that at least one device tied to their Apple ID has been compromised and taking immediate action, such as updating devices, reviewing security practices, and contacting digital security specialists if needed.
