Recently, Apple patched a critical iPhone zero-day vulnerability. Reportedly, this vulnerability was quietly exploited, targeting journalists. Citizen Lab discovered the vulnerability. Basically, it allowed for Paragon's Graphite spyware to infiltrate iPhones via iMessage. The issue has been addressed in iOS 18.3.1.
Back in April 2025, Apple notified a select group of iOS users (including two prominent journalists) that their devices had been targeted by spyware. Citizen Lab, which is a cybersecurity research group, confirmed the suspicions using forensic analysis.
The investigation reportedly showed that a European journalist and an Italian journalist were targeted by surveillance firm Paragon. The spyware was reportedly installed via a zero-click attack in iMessage.
A "zero-click" attack basically requires no action to be taken by the victim. The malicious user sends a specific malicious message and it compromises the device. Luckily, Apple has patched this vulnerability with iOS 18.3.1.
iOS is known for its security and privacy, but even iOS can fall victim to malicious users. | Image Credit – Apple
Meanwhile, as Citizen Lab continued its analysis, it found that the exploited vulnerability was related to how iOS processed photos and videos sent via iCloud links. Another journalist has also been notified by Apple in January of this year about being targeted with Paragon's spyware. This could mean a broader pattern of attacks against journalists.
So far, it seems only these specific people were targeted, and the vulnerability has been fixed by Apple already, so you generally have nothing to worry about. However, this incident clearly underlines the continuing fight between malicious users and companies.
Apple is generally known for its privacy and security-centric approach, but even Apple can fall prey to the creativity and maliciousness of hackers. It's basically a cat-and-mouse game between device makers and hackers, and it's been like this since tech existed, pretty much.
Recommended Stories
Although we as users can't do much in the grand scheme of things, it's important to update your device in a timely manner. When a security vulnerability has been discovered, usually companies release patches and updates to iron it out, so don't postpone or delay these when you see them waiting to be installed on your device.
Izzy, a tech enthusiast and a key part of the PhoneArena team, specializes in delivering the latest mobile tech news and finding the best tech deals. Her interests extend to cybersecurity, phone design innovations, and camera capabilities. Outside her professional life, Izzy, a literature master's degree holder, enjoys reading, painting, and learning languages. She's also a personal growth advocate, believing in the power of experience and gratitude. Whether it's walking her Chihuahua or singing her heart out, Izzy embraces life with passion and curiosity.
A discussion is a place, where people can voice their opinion, no matter if it
is positive, neutral or negative. However, when posting, one must stay true to the topic, and not just share some
random thoughts, which are not directly related to the matter.
Things that are NOT allowed:
Off-topic talk - you must stick to the subject of discussion
Offensive, hate speech - if you want to say something, say it politely
Spam/Advertisements - these posts are deleted
Multiple accounts - one person can have only one account
Impersonations and offensive nicknames - these accounts get banned
To help keep our community safe and free from spam, we apply temporary limits to newly created accounts:
New accounts created within the last 24 hours may experience restrictions on how frequently they can
post or comment.
These limits are in place as a precaution and will automatically lift.
Moderation is done by humans. We try to be as objective as possible and moderate with zero bias. If you think a
post should be moderated - please, report it.
Have a question about the rules or why you have been moderated/limited/banned? Please,
contact us.
FCC OKs Cingular\'s purchase of AT&T Wireless
Things that are NOT allowed:
To help keep our community safe and free from spam, we apply temporary limits to newly created accounts: