Apple fixes new iPhone zero-day bug used in Paragon spyware hacks

On Thursday, researchers disclosed that two journalists from Europe had their iPhones compromised by spyware developed by Paragon. In response, Apple has announced a fix for the vulnerability exploited in these hacks. According to a report from Citizen Lab, which was shared with TechCrunch prior to its release, Apple informed the researchers that the flaw was addressed in the iOS 18.3.1 update, rolled out on February 10.

Initially, the security advisory for this update only referenced an unrelated issue that allowed attackers to disable a critical iPhone security feature, making devices easier to unlock. However, on Thursday, Apple revised its February 10 advisory to include information about a separate flaw that was also rectified in the update but had not been previously disclosed. The advisory states, "A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals."

Citizen Lab's final report confirmed that this particular vulnerability was used against Italian journalist Ciro Pellegrino and another unnamed prominent journalist from Europe. It remains unclear why Apple delayed disclosing this patched vulnerability until four months after the iOS update was released, as an Apple representative did not provide clarification when contacted.

The Paragon spyware controversy first emerged in January when WhatsApp alerted around 90 users, including journalists and human rights advocates, that they were targets of Paragon's spyware, known as Graphite. Later, in April, several iPhone users received notifications from Apple indicating they were targets of mercenary spyware, though the notifications did not identify the specific spyware company involved. On Thursday, Citizen Lab confirmed that the two journalists who received Apple notifications were indeed victims of Paragon's spyware. It remains uncertain whether all Apple users who received the notification were also targeted by Graphite. The Apple alert indicated that notifications were sent to affected users across 100 countries.

Sources: TechCrunch

Published On: Jun 12, 2025, 17:55