Researchers revealed on Thursday that two European journalists had their iPhones compromised by spyware developed by Paragon. Apple has since patched the vulnerability exploited in these attacks.
Discovery and Patch Details
The Citizen Lab, which published a report on the hack, disclosed that Apple informed its researchers the exploited flaw was addressed in iOS 18.3.1. This update, released on February 10, had previously only mentioned a separate vulnerability unrelated to this spyware attack.
Only recently did Apple update its security advisory to include information about a previously undisclosed flaw. According to the updated advisory, a logic issue occurred when processing a maliciously crafted photo or video shared through an iCloud Link. Apple acknowledged reports that this vulnerability had been exploited in a highly sophisticated attack targeting specific individuals.
The Citizen Lab confirmed that the spyware was used against Italian journalist Ciro Pellegrino and an unnamed prominent European journalist. The reason Apple waited four months to disclose this flaw remains unclear, as the company has not responded to requests for comment.
Background on the Paragon Spyware Scandal
The Paragon spyware controversy began in January when WhatsApp informed approximately 90 users—including journalists and human rights activists—that they had been targeted with spyware known as Graphite, developed by Paragon.
In late April, Apple alerted several iPhone users that they had been victims of mercenary spyware attacks, though the notification did not identify the spyware maker. The Citizen Lab’s findings confirm that at least two journalists who received Apple’s alert were hacked using Paragon’s spyware.
It is still unknown whether all users who received Apple’s notifications were targeted with Graphite spyware. Apple’s alert noted that affected users spanned 100 countries.
Author’s Opinion
Apple’s delay in publicly disclosing this critical vulnerability highlights a troubling pattern in how tech companies handle zero-day exploits. While patching the flaw is essential, withholding information from the public and affected users for months undermines trust and leaves many vulnerable in the meantime. Security updates should be accompanied by timely and transparent disclosures to help users and researchers understand risks and protect themselves. When journalists and activists become targets, the stakes are even higher. Companies must prioritize openness alongside rapid fixes to truly defend against sophisticated spyware threats.