Apple Patches Zero-Day iPhone Bug Exploited in Paragon Spyware Attacks
Apple has addressed a zero-day vulnerability in iPhones that was actively exploited in spyware attacks orchestrated by Paragon. This revelation follows reports that two European journalists were targeted using Paragon’s spyware. The tech giant has since issued a fix to mitigate the security flaw.
According to a report by The Citizen Lab, Apple informed its researchers that the vulnerability exploited in these attacks was patched in iOS 18.3.1, a software update released on February 10. Initially, the security advisory for this update only mentioned an unrelated flaw that allowed attackers to disable an iPhone security mechanism.
However, on Thursday, Apple updated its February 10 advisory to include details about the newly discovered flaw, confirming that it was also addressed in the same update. The updated advisory states, “A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.”
The Citizen Lab’s report confirms that this vulnerability was indeed used to target Italian journalist Ciro Pellegrino and another prominent European journalist.
The initial lack of transparency from Apple regarding this patched flaw raises questions, as it was not disclosed until four months after the iOS update was released. An Apple spokesperson has not yet responded to requests for clarification on this matter.
The Paragon spyware issue first surfaced in January when WhatsApp alerted approximately 90 users, including journalists and human rights activists, about being targeted with Graphite spyware developed by Paragon.
In late April, numerous iPhone users received notifications from Apple indicating they were targets of mercenary spyware. The notifications did not explicitly name the spyware company responsible for the attacks.
The Citizen Lab’s recent findings confirm that two journalists who received these Apple notifications were indeed hacked using Paragon’s spyware.
It remains unclear whether all Apple users who received the notifications were targeted with Graphite. Apple stated that the notifications were sent to affected users in 100 countries.
