Apple Inc., the maker of iPhone has sent out a message to its users in 92 countries warning that they may have been targeted by mercenary spyware attacks.
“Attackers remotely tried to compromise the iPhone,” Apple said in a notification email that was sent to targeted users and seen by Reuters.
The company had previously said on its website that its threat notifications were designed to inform and assist users who might have been targeted by “state-sponsored attackers.”
In a previous statement on its website, the company indicated that its threat notifications were intended to provide guidance and support to users who may have been targeted by adversaries supported by nation-states.
- “Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-.
- “This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning — please take it seriously,” it wrote in the warning to affected customers.
The Looming Peril
Apple’s latest update on the website on Wednesday said threat notifications were designed to help users “who might have been individually targeted by mercenary spyware attacks.”
It also noted that such attacks have been historically associated with state actors, including private companies developing mercenary spyware on their behalf, such as Pegasus spyware from Israeli firm, NSO Group.
- “Mercenary spyware attacks are exceptionally well-funded and they evolve over time. Apple relies solely on internal threat-intelligence information and investigations to detect such attacks.
- “Although our investigations can never achieve absolute certainty, Apple threat notifications are high-confidence alerts that a user has been individually targeted by a mercenary spyware attack and should be taken very seriously.
- “We are unable to provide information about what causes us to issue threat notifications, as that may help mercenary spyware attackers adapt their behaviour to evade detection in the future,” it said.
iPhone User Guide
While advising those who have received the alert to seek expert help, such as the rapid-response emergency security assistance provided by the Digital Security Helpline at the non-profit Access Now, Apple also provides general safety guidelines for all iPhone users.
According to the company, all users should continue to protect themselves from general cybercriminals and consumer malware by following best practices for security:
- It urges users to update devices to the latest software, as that includes the latest security fixes
- It also urges them to protect devices with a passcode
- It likewise told users to use two-factor authentication and a strong password for Apple ID
- Users should install apps from the App Store
- They should use strong and unique passwords online
- It urges users to not click on links or attachments from unknown senders
It further warned that Apple threat notifications will never ask users to click any links, open files, install apps or profiles, or provide their Apple ID password or verification code by email or on the phone.
