Pierluigi Paganini@securityaffairs.com
//
Apple has released details about a zero-day vulnerability, CVE-2025-43200, that was exploited by Paragon's Graphite spyware to hack at least two journalists' iPhones in Europe. The vulnerability was a zero-click flaw in iMessage, allowing attackers to compromise devices without any user interaction. Apple had quietly patched the flaw in iOS 18.3.1, which was released on February 10, but the details of the vulnerability were not publicized until recently.
The security advisory was updated four months after the initial iOS release to include the zero-day flaw, described as a logic issue when processing a maliciously crafted photo or video shared via an iCloud Link. Apple stated that they were aware of a report that this issue was exploited in an "extremely sophisticated attack against specific targeted individuals." Citizen Lab confirmed that this was the flaw used against Italian journalist Ciro Pellegrino and an unnamed "prominent" European journalist. Citizen Lab also confirmed that Paragon's Graphite spyware was used to hack the journalists' iPhones. This incident is part of a growing trend of mercenary spyware operators exploiting iOS through silent attack chains. The now-confirmed infections call into question a report by Italian lawmakers, which didn't mention one of the hacked journalists. It remains unclear why Apple did not disclose the existence of the patched flaw until four months after the release of the iOS update, and an Apple spokesperson did not respond to a request for comment seeking clarity. References :
Classification:
@Links
//
Spyware maker Paragon has severed ties with the Italian government following a dispute over an investigation into the alleged hacking of journalist Francesco Cancellato’s phone. Paragon stated that it offered its assistance to determine whether its Graphite system was used against the journalist in violation of Italian law and contractual terms. However, the Italian authorities declined Paragon’s offer to independently verify the matter, leading the company to terminate its contracts in Italy. This marks the first instance of a spyware provider publicly acknowledging ending a contract with a government client due to concerns over potential abuse.
The Italian government, through its Department of Information for Security (DIS), rejected Paragon’s proposal, deeming it an “invasive practice” that was “unverifiable in scope, results and method.” The government also expressed concerns that accepting Paragon’s help would compromise national security and expose confidential data to a foreign private company. Several Italian news outlets reported on the government's decision. The Parliamentary Committee for the Security of the Republic (COPASIR) conducted its own investigation, acknowledging that Italian intelligence services had used Paragon’s Graphite spyware to target phones belonging to civil society activists. However, the committee found no evidence that Cancellato was specifically targeted using the technology. This incident has raised questions about the use of spyware by governments and the need for greater transparency and accountability in the industry. References :
Classification: |