| I don't have a full answer for you, but I found some more info in the CitizenLab report [^1] about the incidents. (Small aside, but CitizenLab is excellent and such a valuable resource) CitizenLab states the zero-click iMessage attack — CVE-2025-43200 - used as one of the vectors was fixed by Apple in iOS 18.3.1. Apple has an "About the security content of iOS 18.3.1 and iPadOS 18.3.1" [^2] page, and it contains the following: --- Messages
Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later Impact: A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals. Description: This issue was addressed with improved checks. CVE-2025-43200: Apple --- 1: https://citizenlab.ca/2025/06/first-forensic-confirmation-of... 2: https://support.apple.com/en-us/122174 |