Earlier today, Apple announced that it had filed a lawsuit against the NSO Group, the company responsible for the Pegasus spyware that has been used in state-sponsored surveillance campaigns in a number of countries. NSO Group seeks to exploit vulnerabilities in iOS and other platforms to infiltrate targeted user devices such as journalists, activists, dissidents, academics, and government officials.
As part of its announcement, Apple revealed that it notifies the “small number of users” that have been targeted via the FORCEDENTRY exploit for a now-patched vulnerability that allowed Pegasus to be installed on their devices. Apple also said it will continue to notify users who it believes have been hit by state-sponsored spyware attacks “in line with industry best practices,” and the company has now shared a new support document outlining how it will notify those users.
Messages will be delivered to affected users via email and iMessage messages to the addresses and phone numbers associated with users’ Apple IDs, with the messages providing additional steps users can take to protect their devices. A prominent “Threat Message” banner will also appear at the top of the page when affected users log in to their accounts on the Apple ID web portal.
Users will never be asked to click on links or install apps via email and iMessage messages, so users who receive messages should always log in to their Apple ID accounts online to confirm that threat messages have been issued for their accounts and to learn what to do next.
Apple recognizes that there may be some false alarms with its messages and that some attacks may remain undetected as it faces constantly evolving tactics from state-sponsored attackers. Apple’s threat detection methods will evolve in the same way, and therefore the company will not share information about its methods to prevent attackers’ efforts to avoid detection.
Whether or not you receive a threat message from Apple, the company advises all users to take the following steps to secure their devices:
- Update devices to the latest software as it includes the latest security fixes
- Protect devices with a password
- Use two-factor authentication and a strong password for Apple ID
- Install apps from the App Store
- Use strong and unique passwords online
- Do not click on links or attachments from unknown senders
Finally, Apple shares a list of emergency resources on the Consumer Reports Security Planner website for those users who have not received an Apple threat message but who believe they may have been targeted by state-sponsored attackers for expert help.
Note: Due to the political or social nature of the discussion on this topic, the discussion thread is posted in our political news forum. All forum members and visitors are welcome to read and follow the thread, but posts are limited to forum members with at least 100 posts.