Apple on Wednesday revised documentation about its spyware threat notification system and mentioned that it would alert users when they might be individually targeted by such an attack.
It also specifically called on companies such as NSO Group to develop commercial surveillance tools such as Pegasus, which are used by state actors to carry out “individually targeted attacks of such high cost and sophistication.”
“While mercenary spyware attacks target a very small number of people — often journalists, activists, politicians and diplomats — they are ongoing and global,” Apple said.
“The extremely high cost, sophistication and global nature of mercenary spyware attacks make it one of the most advanced digital threats in existence today.”
The update marks a change in language, which previously said these “threat notifications” were intended to inform and assist users who may be targeted by state-sponsored attackers.
According to TechCrunch, Apple is said to have sent threat notifications to iPhone users in 92 countries at 12:00 noon (Pacific Standard Time) on Wednesday, and the support page has also been modified.
Notably, starting in November 2021, Apple began sending threat notifications warning users it believed had been targeted by state-sponsored attackers.
However, the company also emphasized that it does not “attribute the attacks or resulting threat notifications” to any specific threat actor or geographic region.
The development comes as governments around the world continue to work to combat the misuse and proliferation of commercial espionage software.
Last month, the U.S. government said Finland, Germany, Ireland, Japan, Poland and South Korea had joined the first group of 11 countries working on developing safeguards against the misuse of intrusive surveillance technology.
“Commercial espionage software is abused by authoritarian regimes and democracies around the world […] There is no appropriate legal authorization, safeguards or oversight,” the two governments said in a joint statement.
“The misuse of these tools poses significant and growing risks to our national security, including the safety and security of our government personnel, information and information systems.”
Commercial surveillance vendors were behind the majority of 97 zero-day vulnerabilities discovered in 2023, according to a recent report released by Google’s Threat Analysis Group (TAG) and Mandiant.
All vulnerabilities attributed to spyware companies target web browsers (particularly flaws in third-party libraries that affect multiple browsers and significantly increase the attack surface) as well as mobile devices running Android and iOS.
“Private sector companies have been involved in discovering and selling vulnerabilities for years, but we have observed a significant increase in vulnerabilities driven by these actors over the past few years,” the tech giant said.
“Threat actors are increasingly exploiting zero-day vulnerabilities, often for evasion and persistence, and we don’t expect this activity to decrease anytime soon.”
Google also said that increased security investment in vulnerability mitigations is affecting the types of vulnerabilities that threat actors can weaponize in attacks, forcing them to bypass multiple security guardrails (such as Lockdown Mode and MiraclePtr) to penetrate target devices.
