Apple Quietly Fixed Zero-Day Exploit Used in Paragon Spyware Attack

Apple today quietly updated the list of security fixes that were introduced in iOS 18.3.1, noting a previously undisclosed fix for a zero-day vulnerability affecting the Messages app.

Apple acknowledged the fix after security researchers from The Citizen Lab shared details on the flaw, which had been used to target two European journalists. The Messages vulnerability was exploited with the "Graphite" mercenary spyware created by Paragon. Paragon's spyware has been used in targeted attacks against journalists and human rights activists across multiple platforms.

According to Apple, a maliciously crafted photo or video shared through an iCloud link led to a logic issue that allowed for the infiltration of targeted devices. Apple's release notes say that it "is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals."

Apple confirmed to The Citizen Lab that it fixed the vulnerability back when iOS 18.3.1 was released in February, but it is not clear why Apple did not disclose it before today.

Note: Due to the political or social nature of the discussion regarding this topic, the discussion thread is located in our Political News forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.


Top Rated Comments

aloysiusfreeman
12 weeks ago
Great to see a US-backed company working on surveilling journalists and activists.

Can't wait to see the feds using this on us
Score: 6 Votes
russell_314
12 weeks ago

Great to see a US-backed company working on surveilling journalists and activists.

Can't wait to see the feds using this on us
Nothing new. The US government has been using private companies and NGOs for years or likely decades to do their dirty work. The US government might not be allowed to censor or spy on citizens, but they can have a private organization do it for them.
Score: 6 Votes
Plutonius
12 weeks ago
It's good to see that Apple addressed this exploit. Unfortunately, the next exploit will probably hit soon if it already hasn't :(.
Score: 5 Votes
ThailandToo
12 weeks ago

Nothing new. The US government has been using private companies and NGOs for years or likely decades to do their dirty work. The US government might not be allowed to censor or spy on citizens, but they can have a private organization do it for them.
Just like Apple. I am sure Snowden didn’t make everything up. I also believe the Bloomberg report about China installing chips on Apple’s servers was probably legitimate; why would Apple admit to it? Their whole business model is made in China with slave labor. Funny thing is people believe the marketing hype about Apple caring about our privacy - AAPL cares about the illusion of our privacy.
Score: 3 Votes
Mousse
11 weeks ago

Much of the above seems like a gross generalization. Who determines a fair and equitable salary for employees? Certainly not MR posters.
Not who, but what. Productivity determines what is fair and equitable.
As you can see, compensation hasn't matched productivity since the 70's.
Score: 3 Votes
russell_314
12 weeks ago

More likely trying to not create a new news cycle about the original exploit. They fixed the issue but left it out of the release notes initially, because of course people are going to be looking at those release notes when an update is brand new. Then once most people have the update and interest has died down, update them so it's on record in case anyone says "there was this exploit and Apple never patched it".
Every time I’ve seen Apple release updates for security patches they never describe the actual security flaw. So I guess Apple always “quietly” updates their security vulnerabilities?




Just like Apple. I am sure Snowden didn’t make everything up. I also believe the Bloomberg report about China installing chips on Apple’s servers was probably legitimate; why would Apple admit to it?
You’re absolutely right it would not benefit Apple to admit they had a security breach, but if they know customer data has been breached they have to tell people. This is written into law from my understanding.



Their whole business model is made in China with slave labor. Funny thing is people believe the marketing hype about Apple caring about our privacy - AAPL cares about the illusion of our privacy.
You just described every product you buy in 2025. At least products sold in the USA. Everything you’re wearing was probably made the way you describe. Most of your gadgets in your home were made that way. Likely just about everything you own was made that way. Unfortunately that’s a terrible fact of how things are going now, but it’s not exclusive to Apple. It’s either made in China or a similar country with similar working conditions. In some cases products are made outside of China because China is too strict about working conditions compared to those countries.
Score: 3 Votes