
How does the exploit work, though? The article does some real handwaving around "now the device is yours and now it's not". They don't need to go too deep but isn't anyone reading that far into the article going to be curious?


You're not gonna find technical details in an AP article of all places.

You will find it in CitizenLab's report: https://citizenlab.ca/2025/06/first-forensic-confirmation-of...


There aren’t many technical details there either. They list the servers it connected to and a log entry, but that’s it.

It mentions a CVE number, but the Apple link is generic and there are no details in the CVE database.

Has this even been fixed by Apple?


We're talking about a state-sponsored actor with a zero-day vuln here.

You would not find info anywhere.


It's no longer a zero day if Apple already patched it.


Just for the sake of being more precise...

On the “vulnerability” it could be considered a zero-day because there was a real exploit against it prior to the exploit being reported by security researchers. It could also be considered not a zero-day because the software vendor is aware of the vulnerability such that no other real exploit of it, regardless of it being patched, will occur on the same day that they learn of it.

It’s kinda moot that it’s been patched. Even if they somehow failed to patch it since the exploit, it is no longer a zero-day vulnerability. But, to your point, knowing that it has been patched is practically (obviously) the same as knowing that the software vendor is aware of the vulnerability.

(Funny enough, they could be aware of it and it could still be a zero-day, since the definition is how many days have passed since the vendor learned of it prior to it being exploited. Though it would need to be exploited after they learn about it but before they patch it, which is unlikely.)


Why not?


I replied to the parent comment with the info I found:

https://news.ycombinator.com/item?id=44274249

TL;DR: yes, this was resolved in iOS 18.3.1.


I don't have a full answer for you, but I found some more info in the CitizenLab report [^1] about the incidents.

(Small aside, but CitizenLab is excellent and such a valuable resource)

CitizenLab states the zero-click iMessage attack (CVE-2025-43200) used as one of the vectors was fixed by Apple in iOS 18.3.1.

Apple has an "About the security content of iOS 18.3.1 and iPadOS 18.3.1" [^2] page, and it contains the following:

---

Messages

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

Description: This issue was addressed with improved checks.

CVE-2025-43200: Apple

---

[^1]: https://citizenlab.ca/2025/06/first-forensic-confirmation-of...

[^2]: https://support.apple.com/en-us/122174
