
Apple is urging virtually every iPhone owner on Earth to act immediately. According to the company, 1.8 billion iPhone users face threats ranging from zero-click exploits that require no user interaction to social engineering scams that trick victims into handing over passcodes and banking details.
The stakes are catastrophic: attackers can drain bank accounts, steal identities, and turn devices into covert surveillance tools.
Why Zero-Click Means Zero Warning

Zero-click exploits enable attackers to compromise iPhones by simply sending a message. The target receives nothing alarming—no prompt, no warning. Researchers at Citizen Lab documented that Paragon’s Graphite mercenary spyware exploited a zero-click flaw in Apple’s iMessage to silently infect journalists’ iPhones.
Victims received an innocuous message, yet the spyware installed automatically without requiring any action. No link to click. No attachment to open. Complete infection through Apple’s own messaging platform.
Four Separate Campaigns, One Terrifying Pattern

Apple has identified four distinct spyware campaigns targeting its devices, and forensic analysis reveals that what once targeted only high-profile individuals is now being used in broader criminal activities. Italian journalist Ciro Pellegrino and a prominent European journalist were both targeted with Graphite spyware in early 2025 through the same attacker infrastructure.
Others, including journalist Francesco Cancellato and activists Luca Casarini and Dr. Giuseppe Caccia, received similar attacks. Mercenary surveillance tools are being weaponized faster than Apple can patch them.
The Emergency Update You Can’t Ignore

Apple has released an emergency security update addressing CVE-2025-24201, a WebKit vulnerability that allows attackers to execute arbitrary code on iPhones. The flaw existed in iOS before version 17.2, prompting Apple to roll out supplementary fixes across iOS 18.3.2, iPadOS 18.3.2, macOS Sequoia 15.3.2, watchOS 2.3.2, and Safari 18.3.1.
Another round addressed CVE-2025-31200 and CVE-2025-31201, which Apple described as “extremely sophisticated attacks” against targeted individuals. The window between discovery and mass exploitation is measured in hours, not weeks.
The Shocking Vulnerability Count

In a single security cycle, Apple patched dozens of vulnerabilities across its ecosystem. Throughout 2025, Apple disclosed multiple actively exploited zero-day vulnerabilities, and cybersecurity agencies added several Apple vulnerabilities to their catalog of known exploited vulnerabilities.
As security strategist Adam Boynton noted, significant updates contain dozens of security fixes; therefore, users shouldn’t delay updating their iPhones.
How Hackers Trick You Into Giving Everything Away

The latest wave involves unsolicited calls claiming to be from Apple Support. Attackers trigger genuine Apple two-factor authentication codes and then immediately call victims, warning them of an account breach. Because the codes genuinely come from Apple’s systems, victims believe the threat is real. The caller directs victims to a fake Apple portal and tricks them into entering their two-factor authentication code.
Once scammers have access, they change passwords and lock out the real owners, gaining access to payment methods and personal information.
Seven Years Old Now Vintage

Apple recently added multiple iPhone models to its “vintage” classification, meaning they no longer receive routine iOS feature updates and have limited support. Newly classified vintage models include the iPhone 8 and iPhone 7 Plus, devices released less than seven years ago that many owners paid premium prices to purchase.
While vintage devices may still receive critical security patches for severe vulnerabilities, they lack the comprehensive protection of fully supported models.
The AirPlay Spy-Tool Threat

Apple’s AirPlay feature harbors vulnerabilities discovered by researchers at Oligo. These “AirBorne” flaws enable attackers on the same Wi-Fi network to gain remote code execution on Apple devices and activate microphones for eavesdropping.
Researchers demonstrated that smart speakers and AirPlay-enabled devices could be manipulated to display images and capture audio, effectively transforming ordinary consumer electronics into surveillance tools.
Your iPhone Can Become a Surveillance Tool

Once attackers control an iPhone, the possibilities for espionage are limitless. The device’s microphone and camera can be activated remotely without any visual indicator. Location services become a tracking beacon. Text messages, emails, financial apps, and password managers become open books. Banking information, identity documents, investment portfolios—all accessible.
For high-value targets, such as journalists and executives, the risks are existential. For everyday users, the threat is equally real but often invisible until accounts are drained or identities are stolen.
What Attackers Steal

Once compromised, attackers gain access to everything stored on an iPhone. Banking apps reveal account numbers and balances. Password managers unlock every online account. Photos contain driver’s licenses, passports, and Social Security cards. Email archives expose tax documents and medical records. Apple Pay stores credit cards and transaction histories. iCloud Keychain holds Wi-Fi passwords and work credentials.
The average victim stands to lose hundreds or even thousands of dollars in direct fraud, and identity theft can take years to resolve. Every piece of data becomes ammunition for devastation.
The Privacy Report Feature That Might Save You

Apple has built an App Privacy Report into iOS that lets users see how often apps access sensitive data, such as location, microphone, and camera. Users running iOS 15.2 or later can turn on App Privacy Report in Settings > Privacy & Security > App Privacy Report to view access logs from the past seven days.
The report shows which apps accessed location, photos, camera, microphone, and contacts. If an app accessed your microphone and camera at unexpected times, it might be time to reconsider whether that app deserves those permissions.
Report Vulnerabilities Directly to Apple

Users and security researchers who discover vulnerabilities can report them directly to Apple through a responsible disclosure process. Apple maintains a web portal for security research submissions and accepts reports that include a clear description, a working exploit or proof of concept, specific product and software versions, and reproduction steps.
Researchers must be the first party to submit a complete and actionable report, and the issue must not be publicly disclosed before Apple releases a patch.
The Race Against the Clock

Apple collaborates with security firms like Oligo to identify and patch vulnerabilities quickly, but it also races against attackers who are actively exploiting the same flaws. The window between zero-day discovery, patch development, testing, and deployment is measured in days—sometimes hours. During that window, attackers have a free pass to compromise devices.
Researchers note that Apple’s reluctance to spell out severity levels leaves defenders guessing which flaws pose the greatest risk, complicating patch prioritization across enterprise environments that manage Apple device fleets.
The Downstream Threat

Security experts warn that spyware tools, once exclusively deployed against diplomats, journalists, and activists, are now being weaponized for mass criminal use. A vulnerability that begins as a targeted attack often trickles into broader, opportunistic campaigns against everyday users.
Once Apple patches a zero-day vulnerability, attackers often recycle it into mass phishing campaigns, credential theft schemes, and financial scams.
Act Now or Risk Losing Everything

The window for safety is closing. Every day a device remains unpatched is another day attackers have to exploit the same vulnerability. Go to Settings > General > Software Update and install the latest iOS version immediately. Don’t delay. Zero-click exploits don’t announce themselves.
The 1.8 billion iPhone owners Apple is warning represent virtually every person on Earth who carries the device. The company has sounded the alarm. The only question is whether users will heed the warning before it’s too late.
Sources:
Citizen Lab: Graphite mercenary spyware iOS forensic report (Paragon)
Citizen Lab: Paragon spyware operations and targeting analysis
Oligo Security: AirBorne zero-click RCE in Apple AirPlay technical write-up
Apple & national CERT advisories on AirPlay / AirBorne CVEs (e.g., CSA advisory AL-2025-042)
Reuters: Apple and Google cyber threat / mercenary spyware notifications to users worldwide