Targeted by NSO? Apple will now alert you if it detects an attack

Targeted by NSO? Apple will now alert you if it detects an attack

Journalists, lawyers, politicians and human rights activists have all been affected by NSO’s Pegasus software, and Apple has now said it will send security alerts to customers whose devices may have been compromised. It has already done so for at least five Thai activists and researchers.

It follows Apple’s announcement yesterday that it is suing NSO for attacking iOS users …


Our NSO guide explains the background, but the tl; dr version is that the Israeli company makes Pegasus spyware to compromise iPhones and sells it to governments – without being too picky about which ones.

The NSO only sells Pegasus to governments, but its customers include countries with extremely poor human rights records – with political opponents and others targeted. A report by Amnesty International said Pegasus was used to carry out zero-click attacks on human rights activists and other innocent targets.

Messages to those targeted by NSO

Apple is now actively monitoring devices for signs that they have been compromised by Pegasus, and the company will use three different methods to notify those customers it believes may be affected.

A new support document explains.

Apple threat notifications are designed to inform and assist users who may have been affected by state-sponsored attackers. These users are individually targeted because of who they are or what they do. Unlike traditional cybercriminals, state-sponsored attackers use extraordinary resources to target a very small number of specific individuals and their entities, making these attacks much harder to detect and prevent.

State-sponsored attacks are very complex, cost millions of dollars to develop, and often have a short shelf life. The vast majority of users will never be affected by such attacks.

If Apple detects activity in accordance with a state-sponsored attack, we will notify the targeted users.

The company will notify users in three ways:

  • iMessage
  • Email
  • A warning on the Apple ID website (seen above)

Apple warns that the ever-changing methods used mean that they can not guarantee to detect all attacks, and also that false alarms are possible. The company stresses that these messages will never ask users to click on any links or install anything. Anyone wishing to verify that a warning is genuine should log in to and check for a warning at the top of the page.

Finally, the company outlines the most important security steps that all users should follow to prevent more general attacks.

  • Update devices to the latest software as it includes the latest security fixes
  • Protect devices with a password
  • Use two-factor authentication and a strong Apple ID password
  • Install apps from the App Store
  • Use strong and unique passwords online
  • Do not click on links or attachments from unknown senders

Finally, I would add, do not do this even if the sender is known, unless you actually expect them to send you a link or attachment, as it is both easy and common to falsify sender addresses.

FTC: We use revenue-earning auto affiliate links. More.

Check out 9to5Mac on YouTube for more Apple news:


Please enter your comment!
Please enter your name here