iPhone Zero-Day Bug Fixed by Apple - Paragon Spyware Hack

iPhone Spyware Hack Affects European Journalists

Recent disclosures indicate that two journalists based in Europe experienced security breaches involving their iPhones. The intrusions were facilitated by spyware developed by Paragon, a company specializing in surveillance technology.

Apple has confirmed that the vulnerability exploited in these attacks has been addressed. The fix was implemented within the iOS 18.3.1 software update, which was released on February 10th.

Details of the Security Flaw

Initially, Apple’s security advisory for the iOS 18.3.1 update only detailed a separate, unrelated flaw. This initial disclosure concerned a security mechanism that prevents unauthorized iPhone access.

However, Apple subsequently updated the advisory on Thursday to incorporate information about the newly identified vulnerability. This flaw, also resolved in the February 10th update, was not initially made public.

The updated advisory states that the issue stemmed from a “logic issue” when processing maliciously crafted photos or videos delivered through iCloud Links. Apple acknowledges reports suggesting this flaw was leveraged in a highly targeted attack against specific individuals.

Journalists Confirmed as Targets

The Citizen Lab, a research organization, has verified that the identified flaw was used to compromise the devices of Italian journalist Ciro Pellegrino and another, unnamed, prominent European journalist. Their report was shared with TechCrunch prior to public release.

The reason for Apple’s delayed disclosure of this patched vulnerability – a four-month period following the iOS update – remains unclear. An Apple spokesperson has not yet responded to inquiries seeking clarification on this matter.

Background of the Paragon Spyware

The emergence of the Paragon spyware, known as Graphite, came to light in January. WhatsApp alerted approximately 90 users, including journalists and human rights advocates, that they had been targeted by this spyware.

Further notifications were sent by Apple to iPhone users in late April, warning them of potential targeting by mercenary spyware. These alerts, however, did not identify the specific company responsible for the hacking attempts.

The Citizen Lab’s recent publication confirms that the two journalists who received Apple’s notifications were indeed compromised by Paragon’s spyware.

Scope of the Attacks

It remains uncertain whether all recipients of Apple’s notification were also targeted with Graphite spyware. The Apple alert indicated that affected users were located in 100 countries worldwide.

Paragon’s Graphite spyware represents a significant threat to journalists and activists, highlighting the ongoing need for robust mobile security measures. iOS 18.3.1 is crucial for mitigating this risk.