Current Cyber Threats

Apple Warns Customers Targeted in Recent Spyware Attacks

Summary:
According to an advisory from the French National Computer Emergency Response Team (CERT-FR), Apple has sent out several notifications since the beginning of the year regarding mercenary spyware attacks targeting its users. These notifications are typically sent to the phone numbers and email addresses tied to users’ Apple accounts. They are also displayed at the top of the page after the user signs in to their iCloud account. Receiving an alert means that at least one of the devices linked to the iCloud account has been targeted and is potentially compromised. To date this year, the CERT-FR says it is aware of such notifications being issued on four different occasions:
  • March 5, 2025
  • April 29, 2025
  • June 25, 2025
  • September 3, 2025

“The notifications sent report highly sophisticated attacks, most of which employ zero-day vulnerabilities or require no user interaction at all,” notes the CERT-FR in its advisory.

Security Officer Comments:
Apple devices have long been targeted in spyware attacks, with the vendor reporting such campaigns since 2021. Notably, spyware such as Pegasus, Predator, Graphite, and Triangulation has been employed in attacks targeting individuals of interest such as journalists, lawyers, activists, politicians, senior officials, and members of management committees in strategic sectors. As mentioned above, actors exploit zero-day vulnerabilities to gain initial access, leading to the deployment of spyware. While it’s unclear what prompted the September 3rd alert, just last month Apple released emergency updates to address a zero-day flaw (CVE-2025-43300) that was chained with a WhatsApp zero-click vulnerability (CVE-2025-55177) in what the company described as an “extremely sophisticated attack.”

Suggested Corrections:
The following best practices help to better protect the phone against this type of attack:
  • Update your devices to the latest version as soon as possible; Apple updates often fix vulnerabilities exploited by spyware
  • Enable automatic updates, including security updates
  • Separate personal and professional uses as much as possible, ideally by using different devices
  • Enable "Isolation Mode" (named Lockdown Mode in Apple's English-language settings) to enhance the security of your Apple devices
  • Restart your device regularly, ideally once a day
More generally, the following measures contribute to your good IT hygiene:
  • Do not click on suspicious links or attachments
  • Set up a strong and unique access code
  • Use two-factor authentication whenever possible
  • Avoid installing unknown apps or apps from alternative app stores

Link(s):
https://cert.ssi.gouv.fr/cti/CERTFR-2025-CTI-010/