Apple has issued warnings to certain users who have been the target of sophisticated spyware attacks. France’s CERT-FR, operated by ANSSI, confirmed at least four incidents in 2025 when Apple threat notifications were issued for mercenary spyware. Notifications were sent on March 5, April 29, June 25, and September 3 via email or phone numbers tied to Apple IDs. Alerts also appeared when users signed in to their accounts.
Why This Matters
- Many of these attacks exploit zero-day vulnerabilities or require no user interaction, making them highly stealthy and dangerous.
- Targets include high-risk individuals such as journalists, lawyers, activists, politicians, senior officials, and leaders in strategic industries.
- Devices linked to the same Apple ID may also be compromised without the direct knowledge of their users.
Recommendations
- Enable Lockdown Mode on Apple devices to minimize exposure.
- Keep all systems fully patched and updated, especially after zero-day advisories.
- If you receive a threat notification, contact trusted emergency response or digital security helplines for immediate assistance.
- Review all devices tied to your account and check for compromise indicators.
What This Incident Reveals
This wave of spyware alerts highlights the growing use of advanced surveillance tools targeting individuals of public and strategic importance. It demonstrates the urgent need for strong device hygiene, minimized exposure through shared accounts, and heightened awareness among at-risk groups.
About COE Security
COE Security partners with organizations in financial services, healthcare, retail, manufacturing, and government to strengthen resilience and ensure compliance. Our offerings include:
- AI-enhanced threat detection and real-time monitoring
- Data governance aligned with GDPR, HIPAA, and PCI DSS
- Secure model validation to defend against adversarial attacks
- Customized training in cybersecurity best practices
- Penetration testing across Mobile, Web, AI, Product, IoT, Network, and Cloud
- Secure Software Development Lifecycle Consulting (SSDLC)
- Comprehensive cybersecurity services
We help individuals and organizations protect high-risk profiles, secure devices against spyware threats, and enable rapid response when alerts occur.