
Magnet Forensics Inc., a Canadian cybersecurity firm, accused a former contractor of sharing trade secrets about a previously unknown flaw used to hack iPhones with a rival firm.
The company filed a lawsuit in federal court against Mario Del Gaudio, and Paradigm Shift Technology S.L., alleging the flaw was publicly disclosed on Paradigm’s blog. Both Magnet and Paradigm Shift develop so-called zero-day hacking tools to sell to government customers such as police for investigations. Zero days are computer flaws that aren’t known to cybersecurity personnel, meaning they have zero days to fix them.
Neither Del Gaudio, his attorney nor Paradigm immediately responded to requests for comment.
The flaw at the center of the dispute was in Apple Inc.’s A12 and A13 chips in iPhones, according to the lawsuit. Magnet used the flaw to allow customers to hack into iPhones, according to the suit filed July 7 in the Northern District of Georgia. The company said in court records said that the public disclosure of the flaw alerted Apple to the flaw and allowed it to be potentially fixed, reducing its value to customers.
The disclosure caused “irreparable harm and continuing damage,” according to Magnet. Apple didn’t immediately respond to a request for comment.
Private equity firm Thoma Bravo acquired Magnet Forensics in 2023 for $1.3 billion. Magnet Forensics works with more than 6,000 public and private sector customers in 100 countries, according to the suit.
The technical capability allowed law enforcement and government agencies to access, recover and analyze data and evidence from iPhones that would otherwise be inaccessible, according to Magnet.
In June, Paradigm Shift Technology published research on a zero-day vulnerability in A12 and A13 iPhone chips. As an iOS exploit engineer, Del Gaudio directly worked on that same vulnerability for months during his time at Magnet. Magnet alleged that Del Gaudio was a part of the Paradigm Shift research, and thus allegedly violated a contract signed between Magnet and Del Gaudio.
Magnet also sent multiple cease and desist letters. The research remains publicly available.
The alleged theft of the zero-day vulnerability follows a 2025 case in which a former government contractor working for military contractor L3Harris Technologies Inc. pleaded guilty and was sentenced to more than seven years in prison for stealing and selling offensive hacking tools to a Russian broker.
(This story has not been edited by NDTV staff and is auto-generated from a syndicated feed.)
Essential Business Intelligence,
Sharp Market Insights,
Practical Personal Finance Advice, Daily Fuel, Gold and Silver Prices and Latest Stories — On NDTV Profit.
























