Apple will send threat alerts to users targeted by Pegasus spyware


Apple threat alert for Pegasus spyware
You'll see the alert by text message, email, and on the Apple ID website.
Image: Apple

Apple says it will send threat alerts to customers who potentially targeted by the NSO Group’s controversial Pegasus spyware.

Cupertino on Tuesday announced that it is suing NSO Group over the tools the Israeli company develops and sells to governments to spy on iPhone owners. Apple’s alerts to affected iPhone users are another effort to prevent software like Pegasus from going unnoticed.

Pegasus targets will get security alerts from Apple

Pegasus has been used by governments to surveil journalists, activists, dissidents, academics and government officials. Once the software is installed on an iPhone, it can access the device’s cameras, microphones and data.

In almost all cases, targets do not know that their device has been infected. But Apple hopes to change that — and in turn make Pegasus a lot less successful — by sending security alerts to those who may have been targeted.

The alerts will be delivered by text message and email. Apple also will display a banner at the top of its Apple ID site when a targeted user logs into their account in a web browser.

Not all threats can be detected

“Apple threat notifications are designed to inform and assist users who may have been targeted by state-sponsored attackers,” Apple said in a support document. “These users are individually targeted because of who they are or what they do.”

Apple also downplayed the risk of state-sponsored attacks due to the enormous cost to pull them off.

“State-sponsored attacks are highly complex, cost millions of dollars to develop, and often have a short shelf life,” the company said. “The vast majority of users will never be targeted by such attacks. If Apple discovers activity consistent with a state-sponsored attack, we notify the targeted users.”

Apple warned, however, that due to the sophisticated nature of state-sponsored attacks like Pegasus, it’s possible that some will go undetected — or that some alerts will be false.

How to avoid a Pegasus attack

To verify a threat alert from Apple, you can sign into the Apple ID website and see if the banner is visible at the top of the page. Apple says the notifications will never ask users to click links, open files, install apps or verify passwords.

It also provides some steps that iPhone users can take to avoid a spyware attack:

  • Update devices to the latest software, as that includes the latest security fixes.
  • Protect devices with a passcode.
  • Use two-factor authentication and a strong password for Apple ID.
  • Install apps from the App Store.
  • Use strong and unique passwords online.
  • Don’t click on links or attachments from unknown senders.

In addition to threat notifications, Apple bolstered iPhone security in iOS 15 to make it more difficult for spyware to wind up installed on users’ devices.


Daily round-ups or a weekly refresher, straight from Cult of Mac to your inbox.

  • The Weekender

    The week's best Apple news, reviews and how-tos from Cult of Mac, every Saturday morning. Our readers say: "Thank you guys for always posting cool stuff" -- Vaughn Nevins. "Very informative" -- Kenly Xavier.