Apple Updates Spyware Alert System to Warn Victims of Mercenary Attacks
11.4.24  OS  The Hacker News

Apple on Wednesday revised its documentation pertaining to its mercenary spyware threat notification system to mention that it alerts users when they may have been individually targeted by such attacks.

It also specifically called out companies like NSO Group for developing commercial surveillance tools such as Pegasus that are used by state actors to pull off "individually targeted attacks of such exceptional cost and complexity."

"Though deployed against a very small number of individuals — often journalists, activists, politicians, and diplomats — mercenary spyware attacks are ongoing and global," Apple said.

"The extreme cost, sophistication, and worldwide nature of mercenary spyware attacks makes them some of the most advanced digital threats in existence today."

The update marks a change in wording that previously said these "threat notifications" are designed to inform and assist users who may have been targeted by state-sponsored attackers.

According to TechCrunch, Apple is said to have sent threat notifications to iPhone users in 92 countries at 12:00 p.m. PST on Wednesday coinciding with the revision to the support page.

It's worth noting that Apple began sending threat notifications to warn users it believes have been targeted by state-sponsored attackers starting November 2021.

However, the company also makes it a point to emphasize that it does not "attribute the attacks or resulting threat notifications" to any particular threat actor or geographical region.

The development comes amid continued efforts by governments around the world to counter the misuse and proliferation of commercial spyware.

Last month, the U.S. government said Finland, Germany, Ireland, Japan, Poland, and South Korea had joined an inaugural group of 11 countries working to develop safeguards against the abuse of invasive surveillance technology.

"Commercial spyware has been misused across the world by authoritarian regimes and in democracies [...] without proper legal authorization, safeguards, or oversight," the governments said in a joint statement.


"The misuse of these tools presents significant and growing risks to our national security, including to the safety and security of our government personnel, information, and information systems."

According to a recent report published by Google's Threat Analysis Group (TAG) and Mandiant, commercial surveillance vendors were behind the in-the-wild exploitation of a chunk of the 97 zero-day vulnerabilities discovered in 2023.

All the vulnerabilities attributed to spyware companies targeted web browsers – particularly flaws in third-party libraries that affect more than one browser and substantially increase the attack surface – and mobile devices running Android and iOS.

"Private sector firms have been involved in discovering and selling exploits for many years, but we have observed a notable increase in exploitation driven by these actors over the past several years," the tech giant said.

"Threat actors are increasingly leveraging zero-days, often for the purposes of evasion and persistence, and we don't expect this activity to decrease anytime soon."

Google also said that increased security investments into exploit mitigations are affecting the types of vulnerabilities threat actors can weaponize in their attacks, forcing them to bypass several security guardrails (e.g., Lockdown Mode and MiraclePtr) to infiltrate target devices.