March 19, 2025 By Sergiu Gatlan
WhatsApp has patched a zero-click, zero-day vulnerability used to install Paragon's Graphite spyware following reports from security researchers at the University of Toronto's Citizen Lab.
The company addressed the attack vector late last year "without the need for a client-side fix" and decided not to assign a CVE-ID after "reviewing the CVE guidelines published by MITRE, and [its] own internal policies."
"WhatsApp has disrupted a spyware campaign by Paragon that targeted a number of users including journalists and members of civil society. We’ve reached out directly to people who we believe were affected," a WhatsApp spokesperson told BleepingComputer.
"This is the latest example of why spyware companies must be held accountable for their unlawful actions. WhatsApp will continue to protect people’s ability to communicate privately."
