Apple has patched a critical vulnerability in iPhones that attackers exploited to install Paragon spyware, TechCrunch reports. The issue allowed hackers to gain access to devices via maliciously crafted photos or videos shared via iCloud.
Researchers at Citizen Lab have found that two European journalists were victims of Graphite software developed by Paragon. The malware exploited an iOS security flaw to steal data from the journalists’ iPhones. Apple says it has fixed the bug, but details are unclear.
Apple recently updated its security advisory and confirmed that the aforementioned vulnerability was fixed back on February 10th with the iOS 18.3.1 update, but for some reason the company did not publicly announce this until this week.
Experts suggest that the delay in releasing the information could have been due to internal investigations or Apple's desire to avoid mass panic.
The incident is part of a wider scandal that began in January, when WhatsApp notified about 90 users, including journalists and human rights activists, of an attack by the Graphite spyware developed by Paragon.
Apple also reportedly sent out alerts to iPhone users in 100 countries in late April, warning of a spyware intrusion on their devices. However, it remains unclear whether all victims of the hack were targeted by Graphite.