Apple warns of mercenary spyware attacks on iPhone users in 92 countries

Pierluigi Paganini April 11, 2024

Apple is warning iPhone users in over 90 countries of targeted mercenary spyware attacks, Reuters agency reported.

Apple is alerting iPhone users in 92 countries about mercenary spyware attacks, reported Reuters.

Reuters only mentioned India as one of the countries where users were targeted by the attacks.

According to a threat notification email sent to targeted users, the IT giant detected attempts to “remotely compromise the iPhone.”

The company did not attribute the targeted attacks to “any specific state-sponsored attacker”.

“Initially, Apple explicitly referred to “state-sponsored attacks.” After the last warnings to Indian opposition politicians and journalists, the government there appeared to be annoyed – unfavorable for Apple, after all, India is becoming increasingly important as an iPhone production location.” reported the German website Heise. “Meanwhile, the iPhone company instead speaks diplomatically of “mercenary spyware” and notes that such attacks “have historically been associated with state actors.””

Apple started sending such kind of threat notifications in 2021, and since then the company has notified users in more than 150 countries.

Apple recommends that targeted iPhone users update their devices to the latest software version and contact cybersecurity experts to investigate potential compromise.

In response to a wave of sophisticated attacks against Apple users (i.e. PegasusDevilsTongue, and Hermit) in July 2022 Apple developed a new security feature, called lockdown mode, to protect its users against highly targeted cyberattacks.

Apple iOS Lockdown mode

Some of the protections implemented in the lockdown mode are:

  • Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.
  • Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
  • Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.
  • Wired connections with a computer or accessory are blocked when iPhone is locked.
  • Configuration profiles cannot be installed, and the device cannot enroll into mobile device management (MDM), while Lockdown Mode is turned on.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, zero-day)

you might also like

leave a comment