Paragon Spyware Exploits Zero-Click Vulnerability to Target Journalists

By Tina Reynolds

A recent investigation revealed that Paragon, an Israeli private sector offensive actor, used a zero-click vulnerability to infiltrate a target’s device via Apple’s Messages application and deploy its Graphite spyware on journalists. This invasive surveillance tool takes over devices with zero interaction from the end user, which has raised serious concerns over the safety and privacy of journalists, both domestically and internationally.

On April 29, 2025, Apple’s security team began notifying the two journalists whose phones had been compromised. The attack is classed as zero-click because it triggered without the target doing anything. Researchers Bill Marczak and John Scott-Railton confirmed the existence of forensic evidence linking Paragon’s mercenary spyware to the infiltration of these devices. Their results confirm just how pervasive this attack really was. It shot their algorithms and harassed millions of users worldwide, including many on channels such as WhatsApp.

The Mechanics of the Attack

The zero-click attack targeted a vulnerability in Apple’s iOS: a logic flaw that could lead to arbitrary code execution when processing specially crafted images or videos sent via iCloud Links. Apple acknowledged the risk associated with this flaw, stating it “may have been exploited in an extremely sophisticated attack against specifically targeted individuals.”

In their analysis, Marczak and Scott-Railton noted that one of the journalists’ devices had been compromised with Paragon’s Graphite spyware between January and early February 2025 while running iOS 18.2.1. They emphasized that “this infection would not have been visible to the target,” highlighting the insidious nature of the attack.

Paragon’s work has been enormous in scale. Reports indicate that dozens of users around the world have been targeted and compromised by the spyware. The logs produced by the spyware’s deployment are very detailed and are stored on a server that the customer controls, so they are completely inaccessible to Paragon. That is unacceptable in the absence of any real accountability. It shines a light on the lack of oversight of these surveillance tools and the threat they pose to individual rights.

Global Backlash Against Paragon

To its credit, the Italian government moved quickly. It ended its contract with Paragon after sobering national security risks were raised. In fact, official statements from Paragon indicated that the decision was reached jointly. The company rejected the government’s demand for independent verification. This rejection spurred alarm over the potential misuse of its software against journalists.

The Citizen Lab expressed grave concerns about the implications of such spyware proliferation, stating, “The lack of accountability available to these spyware targets highlights the extent to which journalists in Europe continue to be subjected to this highly invasive digital threat.” This announcement comes as a reminder of the ever-growing threats to media practitioners in an ever-surveilled environment.

This unfortunate occurrence is indicative of a wider trend. Similar spyware systems have been in sinister use across the globe. Recorded Future noted, “This aligns with the broader observation that Predator is highly active in Africa, with over half of its identified customers located on the continent.” This indicates a booming global market for surveillance tools that circumvent or eliminate personal privacy.

Apple’s Response and Mitigation Measures

We commend Apple for standing up against the dangers represented by Paragon’s spyware. The company had to release patches to address the same vulnerabilities that the software exploited. The most recent of these were iOS 18.3.1, iPadOS 18.3.1 and iPadOS 17.7.5. Chief among the issues fixed were major vulnerabilities that had long provided back door access.

Apple’s forward-thinking moves highlight the company’s pledge to keep its users safe, especially as concern for privacy in the digital age continues to grow. By fixing these vulnerabilities as quickly as possible, Apple is working to improve overall defense against attacks that might use similar techniques in the future.