Apple says it has no record of a successful spyware attack against any device running Lockdown Mode, the opt-in security feature it introduced in 2022.
"We are not aware of any successful mercenary spyware attacks against a Lockdown Mode-enabled Apple device," an Apple spokesperson told TechCrunch.
Lockdown Mode is available on the iPhone, iPad, and Mac, and dramatically restricts certain system features that are commonly exploited by mercenary spyware. When enabled, it blocks most message attachment types, disables certain complex web technologies, and prevents devices from automatically joining non-secure Wi-Fi networks, among other restrictions. Apple designed the feature specifically to protect high-risk users such as journalists, activists, lawyers, and others who may be personally targeted by sophisticated nation-state-level attacks.
Donncha Ó Cearbhaill, head of the security lab at Amnesty International, said he and his colleagues "have not seen any evidence of an iPhone being successfully compromised by mercenary spyware where Lockdown Mode was enabled at the time of the attack." Digital rights organizations including Amnesty International and the University of Toronto's Citizen Lab have documented numerous successful spyware attacks on iPhone users over the years, but none have involved a bypass of Lockdown Mode.
Citizen Lab researchers have confirmed at least two cases where Lockdown Mode actively blocked spyware attacks, with one involving NSO Group's Pegasus and another involving Predator spyware, made by a company now part of Intellexa. Google researchers found that spyware was coded to abort its infection attempt if it detected Lockdown Mode was active, apparently to avoid leaving traces that could expose the attack.
Patrick Wardle, an Apple cybersecurity expert, told TechCrunch, "I think it's safe to say, Lockdown Mode is one of the most aggressive consumer-facing hardening features ever shipped."
