Apple has issued urgent alerts to iPhone users in nearly 100 countries, warning them that they may be the target of sophisticated spyware attacks. The company began notifying individuals on Wednesday through its “Threat Notification” system, a measure it launched in 2021 to warn users facing serious digital threats.
According to Apple, these attacks involve what it calls “mercenary spyware”—a type of surveillance software sold to government agencies or private operators. These tools are used to secretly monitor individuals’ devices, often without the victim’s knowledge or interaction.
Though Apple did not name specific spyware in this wave of alerts, the company referenced Pegasus as a known example. Pegasus, developed by Israeli firm NSO Group, has been widely linked to surveillance operations against journalists, human rights workers, and political opponents. It can infect a phone remotely and access data like messages, photos, microphone input, and even live location.
In past cases, spyware like Pegasus has exploited “zero-day” vulnerabilities—flaws in software that are unknown to the vendor and have no available patch. These attacks are typically targeted at individuals who are considered high-value surveillance targets due to their work or public role.
How Users Are Notified
Users who have been identified as potential targets are alerted through multiple channels. Apple sends emails and iMessages to the affected accounts, and also places a prominent alert on the user’s Apple ID account page. The message comes from the official Apple address “threat-notifications@apple.com.”
“Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID. This attack is likely targeting you specifically because of who you are or what you do.”
Apple does not include clickable links or attachments in these messages to prevent phishing and further security risks.
What You Should Do
For those who receive the alert, Apple recommends taking several steps immediately:
Turn on Lockdown Mode: This is a special security setting in iOS that restricts some common features to reduce the risk of surveillance. It can be activated under Settings > Privacy & Security > Lockdown Mode.
Update to the Latest iOS Version: Apple recently released iOS 18.4.1, which includes patches for two known security vulnerabilities.
Seek Digital Security Help: Individuals at high risk, such as journalists or activists, can contact Access Now’s Digital Security Helpline for guidance and support.
Who Is Being Targeted?
Apple says these attacks are not random. Victims are likely selected because of their roles in society—often involving journalism, activism, politics, or legal work. While the company did not disclose which countries were involved in this latest round of warnings, reports indicate that notifications were sent in regions across the globe, including South Asia, Africa, the Middle East, and parts of Europe.
Apple’s Broader Security Strategy
Apple has long positioned itself as a privacy-first company, and it continues to invest in efforts to detect and block spyware. In 2021, Apple filed a lawsuit against NSO Group, accusing the company of targeting Apple users with malicious software. The company has also committed to informing users who are under digital surveillance when it becomes aware of credible threats.
Apple’s threat notification page explains that its methods for identifying targeted users are based on internal threat intelligence and investigation. The company admits that it cannot reveal too many technical details, as doing so would help attackers adapt their methods.
Users concerned about their security can learn more about Apple’s Threat Notifications and Lockdown Mode through the company’s official security page.
