Apple has issued new threat notifications to iPhone users in 98 countries, alerting them about potential attacks by the Pegasus spyware. This is the second notification campaign this year, following a similar effort in April that reached users in 92 countries. Since 2021, Apple has regularly issued these notifications, impacting users in more than 150 countries.

 

Recent Spyware Warnings

On July 10th, Apple sent out the latest warnings without identifying the attackers or the specific countries affected. The notifications stated: “Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID.” Apple emphasized that these attacks are highly targeted, likely focusing on individuals due to their identity or activities.

 

Pegasus Spyware and Its Impact

Pegasus, described by Apple as military-grade spyware, is used by governments to target journalists, political activists, and other individuals through mercenary hackers. Developed by the Israeli company NSO Group, Pegasus is notorious for exploiting zero-day vulnerabilities on mobile devices, making it one of the most advanced spyware tools available.

Reports indicate that users in India are among those who received Apple’s latest threat notifications. Previously, in October, Apple warned several journalists and politicians in India about similar threats. Amnesty International later confirmed the presence of Pegasus on the iPhones of notable Indian journalists.

 

Apple's Security Measures and Recommendations

Apple highlighted the sensitive nature of its threat identification methods, cautioning that disclosing additional details could aid attackers in evading future detection. This underscores the balance between informing users and maintaining effective security measures.

In a notable change, Apple now describes these incidents as “mercenary spyware attacks” rather than “state-sponsored” attacks, reflecting an evolving understanding of these security threats. Apple relies on internal threat intelligence and investigations to detect such attacks, emphasizing its commitment to user privacy and security.

 

Precautionary Measures for iPhone Users

Apple advises all iPhone users, regardless of receiving a notification, to take the following precautionary measures:

  • Ensure devices run the latest software updates.
  • Protect devices with a strong passcode.
  • Implement multi-factor authentication and use a robust password for Apple ID.
  • Only install applications from the official App Store.
  • Utilize a reputable mobile security product.
  • Exercise caution when opening emails, messages, or tapping on links.

 

Enhanced Security with Lockdown Mode

For those at higher risk of targeted spyware attacks, Apple offers Lockdown Mode, providing enhanced security by limiting certain functionalities that could be exploited. Lockdown Mode includes measures such as:

  • Blocking most message attachments.
  • Preventing incoming FaceTime calls from unfamiliar contacts.
  • Restricting certain web technologies and browsing features.
  • Excluding location data from shared photos and removing Shared Albums.
  • Blocking wired connections when the device is locked.
  • Preventing auto-joining of non-secure WiFi networks.
  • Blocking incoming invitations from new contacts.
  • Restricting installation of configuration profiles often used for work or school.

 

Activating Lockdown Mode

To activate Lockdown Mode on an iPhone or iPad:

  1. Open the Settings app.
  2. Navigate to Privacy & Security.
  3. Scroll down and select Lockdown Mode.
  4. Tap “Turn On Lockdown Mode.”
  5. Review the feature’s implications and confirm by tapping “Turn On Lockdown Mode.”
  6. Select “Turn On & Restart,” then enter the device passcode.

By implementing these security measures and staying informed about potential threats, iPhone users can significantly enhance their protection against sophisticated spyware attacks.