Apple has issued a new spyware warning to iPhone users in 92 countries after detecting that they were targeted in attacks. Victims were alerted via a notification email indicating that adversaries had attempted to remotely compromise their iPhones. The attacks were apparently aimed at installing malicious software on the device to spy on users’ data and location. This is not the first time Apple has sent out such alerts, with multiple notifications going out to over 150 countries since 2021.
Although Apple did not disclose the origin of the attack, spyware attacks are typically carried out by nation-state actors. In the past, Apple has taken legal action against companies such as the Israeli firm NSO Group for their role in attacks on iPhone users. The iPhone maker has been issuing a growing number of iOS updates in recent years to address vulnerabilities that could be exploited for spyware attacks, especially in cases where flaws are already being exploited in attacks.
Spyware attacks are concerning because they can be delivered through zero-click methods, such as sending a malicious image over iMessage or WhatsApp, which requires no interaction from the iPhone user. If successful, these attacks allow adversaries to take full control of the device, enabling them to eavesdrop on calls, read emails, and access apps like WhatsApp and Signal. While these attacks primarily target specific groups such as journalists, dissidents, and government workers, any iPhone user should ensure their software is up to date.
For users who have received the alert from Apple, the company has introduced Lockdown Mode, which reduces the functionality of the iPhone but may be necessary for those at risk. Additionally, Amnesty International’s Security Lab offers digital forensic support to at-risk individuals, including human rights defenders, activists, journalists, and members of civil society who have received the Apple notification. It is important for all iPhone users to stay vigilant and ensure their iOS software is up to date with the latest version, as Apple may release new updates to address vulnerabilities used in the latest spyware attack.
