Recently, Apple addressed a serious security flaw in iPhones associated with a zero-day vulnerability, which was reportedly misused to target journalists. This vulnerability, discovered by Citizen Lab, permitted Paragon’s Graphite spyware to infiltrate devices through iMessage.
The issue has since been fixed with the release of iOS 18.3.1. In April 2025, Apple alerted a select group of iOS users, including two notable journalists, about attempts to compromise their devices with spyware.
Citizen Lab confirmed these concerns through forensic analysis, which revealed that both a European journalist and an Italian journalist were targeted by the surveillance firm Paragon. The spyware was introduced through a zero-click attack, meaning the victim did not need to take any action to become compromised; a malicious message alone could trigger the exploit.
Fortunately, this vulnerability has now been patched by Apple. While iOS is recognized for its robust security measures, it is not completely immune to attacks.
Citizen Lab’s continued examination indicated that the exploited vulnerability was linked to how iOS handles photos and videos sent via iCloud links. Moreover, Apple informed another journalist earlier this year that they were also targeted by Paragon’s spyware, suggesting a broader trend of assaults against members of the press.
So far, only certain individuals have been affected, and with Apple’s timely response, general users have little to fear. However, the incident highlights the ongoing battle between cybercriminals and technology companies.
Despite Apple’s commitment to privacy and security, the company is not exempt from sophisticated hacking attempts. As users, we may not be able to influence the larger picture, but it is crucial to keep our devices updated.
When vulnerabilities are identified, companies typically provide patches; therefore, timely updates should not be overlooked.