Particle.news
Download on the App Store
8 ARTICLES
·
5d ago

Paragon Graphite Spyware Found on Two European Journalists’ iPhones

Apple patched the zero-click iMessage exploit in iOS 18.3.1 months before Citizen Lab confirmed the infections.

Italian investigative journalist Ciro Pellegrino poses for a picture at the offices of the online newspaper Fanpage.it, in Naples, Italy, June 11, 2025. REUTERS/Matteo Ciambelli
FILE - Giorgia Meloni attends a debate at the Senate in Rome, Oct. 26, 2022. (AP Photo/Andrew Medichini, file)
Italian investigative journalist Ciro Pellegrino shows his phone screen displaying a threat notification from Apple warning of a mercenary spyware attack, in Naples, Italy, June 11, 2025. REUTERS/Matteo Ciambelli
The malware alert appears on the screen of a smartphone in Reno, United States, on December 2, 2024. (Photo by Jaque Silva/NurPhoto via Getty Images)

Overview

  • Citizen Lab’s forensic analysis confirmed that Paragon’s Graphite spyware compromised the iPhones of Italian journalist Ciro Pellegrino and an unnamed European journalist through a zero-click iMessage attack exploiting CVE-2025-43200 on iOS 18.2.1.
  • Apple patched the identified logic flaw in processing malicious iCloud Links in its iOS 18.3.1 update on February 10, 2025, closing the exploit used in the attacks.
  • Italy’s parliamentary intelligence oversight committee and Paragon provide conflicting accounts of their contract’s termination, with the company citing refusal of its investigative offer and authorities pointing to national security concerns.
  • Meta reported in January that roughly 90 WhatsApp users in over two dozen countries were targeted with Graphite spyware and Citizen Lab later confirmed infections of activists Luca Casarini and Giuseppe Caccia.
  • Paragon continues to hold U.S. government contracts, including a one-year $2 million award from the Department of Homeland Security, raising questions about regulation of commercial surveillance tools.