Apple has been notifying iPhone users in 92 countries about a "mercenary spyware attack" attempting to remotely compromise their device. In a sample notification the company shared with BleepingComputer, Apple says that it has high confidence in the warning and urges the recipient to take seriously.
"Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-," reads the notification.
This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning — please take it seriously". -
Apple's warning
To protect against such attacks, Apple recommends a set of immediate actions that include enabling lockdown mode on the device, updating the iPhone and any other Apple products to the latest software version, and seeking expert assistance such as that from the
Digital Security Helpline - a non-profit that provides technical support at no cost for journalists, activists, and human rights defenders.
When describing mercenary spyware attacks, the notification highlights NSO Group’s Pegasus kit and says that they are exceptionally well-funded, sophisticated, and target a very small number of individuals. Apple also updated its support page on spyware protection yesterday replacing the term “state-sponsored” with “mercenary spyware,” noting that these attacks are ongoing and global and sometimes involve private companies that develop spying tools for state actors.
