โŒ

Normal view

Apple Says No iPhone in Lockdown Mode Has Ever Been Hacked

Apple says it has no record of a successful spyware attack against any device running Lockdown Mode, the opt-in security feature it introduced in 2022.


"We are not aware of any successful mercenary spyware attacks against a Lockdown Mode-enabled Apple device," an Apple spokesperson told TechCrunch.

Lockdown Mode is available on the iPhone, iPad, and Mac, and dramatically restricts certain system features that are commonly exploited by mercenary spyware. When enabled, it blocks most message attachment types, disables certain complex web technologies, and prevents devices from automatically joining non-secure Wi-Fi networks, among other restrictions. Apple designed the feature specifically to protect high-risk users such as journalists, activists, lawyers, and others who may be personally targeted by sophisticated nation-state-level attacks.



Donncha Ó Cearbhaill, head of the security lab at Amnesty International, said he and his colleagues "have not seen any evidence of an iPhone being successfully compromised by mercenary spyware where Lockdown Mode was enabled at the time of the attack." Digital rights organizations including Amnesty International and the University of Toronto's Citizen Lab have documented numerous successful spyware attacks on iPhone users over the years, but none have involved a bypass of Lockdown Mode.

Citizen Lab researchers have confirmed at least two cases where Lockdown Mode actively blocked spyware attacks, with one involving NSO Group's Pegasus and another involving Predator spyware, made by a company now part of Intellexa. Google researchers found that spyware was coded to abort its infection attempt if it detected Lockdown Mode was active, apparently to avoid leaving traces that could expose the attack.

Patrick Wardle, an Apple cybersecurity expert, told TechCrunch, "I think it's safe to say, Lockdown Mode is one of the most aggressive consumer-facing hardening features ever shipped."
This article, "Apple Says No iPhone in Lockdown Mode Has Ever Been Hacked" first appeared on MacRumors.com


Apple Now Sending Critical Security Alerts to iPhones Running iOS 17 and Earlier

Apple has begun pushing Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS, warning users of active web-based attacks.


The alerts, which appear as a "Critical Software" notification from the Settings app, warn that Apple "is aware of attacks targeting out-of-date iOS software, including the version on your iPhone," and urge users to install a critical update to protect their device. The notifications are being seen on devices running a range of older iOS versions, including iOS 17.0, far beyond the iOS 13 and iOS 14 devices that Apple specifically flagged in its support documentation.

In the documentation, Apple highlighted recent reports about hacking tools that are effective against older versions of iOS. Hackers are using iOS exploit kits known as "Coruna" and "DarkSword," which can take advantage of vulnerabilities in iOS 13 through to iOS 17.2.1. Clicking a malicious link or visiting a compromised website on an unpatched device could result in data being stolen.

"If your iPhone doesn't have the latest software, update iOS to protect your data," Apple says. Users can update by going to Settings, General, and Software Update.

Apple released iOS 15.8.7 and iOS 16.7.15, along with corresponding iPadOS versions, on March 11 to address security vulnerabilities associated with the Coruna exploit kit. Devices running the latest updated versions of iOS 15 through iOS 26 are already protected, while devices on iOS 13 or iOS 14 must update to iOS 15 to receive these protections.

Apple has patched the vulnerabilities as they have come to light over the last several months, so users who have already upgraded to the newest version of iOS available for their iPhone are protected from the malicious websites and links that are circulating right now. Apple Safe Browsing in Safari is enabled by default and blocks the malicious URL domains identified in the attacks.

Users who are unable to update should consider enabling Lockdown Mode, if available, to protect against malicious web content. Lockdown Mode is available on iOS 16 and later.

This article, "Apple Now Sending Critical Security Alerts to iPhones Running iOS 17 and Earlier" first appeared on MacRumors.com


iPhone 17 Introduces 'Groundbreaking' New Memory Security Feature

Apple has added a "groundbreaking" new memory security feature to its new iPhone 17 lineup called Memory Integrity Enforcement (MIE), which the company describes as "the most significant upgrade to memory safety in the history of consumer operating systems."


The new security feature targets spyware tools like Pegasus that exploit vulnerabilities to hack targeted devices. According to Apple, MIE provides comprehensive, always-on memory-safety protection covering the kernel and over 70 userland processes, built on the Enhanced Memory Tagging Extension (EMTE).

The new feature is supported by the new A19 and A19 Pro chips found across the iPhone 17 lineup as well as the iPhone Air. Apple says it has also added memory safety improvements for older hardware that doesn't support the new memory tagging features. In addition, Apple is making EMTE available to all Apple developers in Xcode as part of the new Enhanced Security feature that the company released earlier this year during WWDC.

The approach includes mitigation for Spectre V1 attacks that Apple claims works with "virtually zero CPU cost," addressing performance concerns that have plagued similar security features in the past. Apple says these changes make "mercenary spyware" significantly more expensive to develop, and present a major challenge to the surveillance industry.

"Based on our evaluations pitting Memory Integrity Enforcement against exceptionally sophisticated mercenary spyware attacks from the last three years, we believe MIE will make exploit chains significantly more expensive and difficult to develop and maintain, disrupt many of the most effective exploitation techniques from the last 25 years, and completely redefine the landscape of memory safety for Apple products."

For in-depth information about the new MIE security feature, readers should refer to Apple's Security Research blog.

This article, "iPhone 17 Introduces 'Groundbreaking' New Memory Security Feature" first appeared on MacRumors.com


UK Still Demanding Global Access to iCloud User Data, Filings Suggest

The UK government's secret demand for Apple to create backdoor access to encrypted user data was far broader than previously known, reports the Financial Times. British officials didn't just want to break Apple's Advanced Data Protection feature, but sought to tap a swathe of standard iCloud services used by millions worldwide.


New court filings published on Wednesday by the Investigatory Powers Tribunal (IPC) show the Home Office's technical capability notice (TCN) "is not limited to" Apple's Advanced Data Protection feature, reports the FT. The order also included requirements for Apple to "provide and maintain a capability to disclose categories of data stored within a cloud-based backup service," suggesting the UK wanted access to backed-up messages and passwords.

Perhaps most significantly, the court document states that "the obligations included in the TCN are not limited to the UK or users of the service in the UK; they apply globally in respect of the relevant data categories of all iCloud users."

The revelation comes after Trump administration officials claimed last week that the UK had agreed to drop its encryption demands following pressure from the U.S. director of national intelligence Tulsi Gabbard and vice president JD Vance. However, the new filing suggests the Home Office has yet to formally modify or rescind its global data access demands.

Apple withdrew its Advanced Data Protection (ADP) feature from UK customers in February after receiving the secret government order, but the court documents imply this was only the tip of the iceberg. ADP provides end-to-end encryption for additional iCloud categories like Photos, Notes, and device backups, while standard iCloud already encrypts data in transit and at rest but allows Apple to access it with proper legal requests.

The case is arguably the most significant encryption battle since Apple's 2016 fight with the FBI over unlocking the San Bernardino shooter's iPhone. Apple has consistently maintained that creating backdoors would compromise security for all users and inevitably be exploited by malicious actors.

The IPC will hear Apple's legal challenge in open court early next year, although the UK government refuses to confirm or deny the existence of the Home Office order. The court has agreed to proceed based on "assumed facts" to avoid participants violating the Official Secrets Act.

One person familiar with the case told the FT they were "still very concerned this is still going on," despite public statements from U.S. officials about the UK backing down.
This article, "UK Still Demanding Global Access to iCloud User Data, Filings Suggest" first appeared on MacRumors.com
