Apple warns customers targeted in recent spyware attacks
Apple warned customers last week that their devices were targeted in a new series of spyware attacks, according to the French national Computer Emergency Response Team (CERT-FR).
CERT-FR is operated by ANSSI, the National Cybersecurity Agency, and is responsible for preventing and mitigating cybersecurity-related incidents impacting public and critical organizations.
According to a Thursday advisory, CERT-FR is aware of at least four instances of Apple threat notifications alerting the company's users about mercenary spyware attacks that have occurred since the beginning of the year.
These alerts were sent on March 5, April 29, June 25, and last week, on September 3, to the phone numbers and email addresses associated with the users' Apple accounts. According to Apple, these warnings are also displayed at the top of the page after the user signs in to their account at account.apple.com.
"The notifications sent report highly sophisticated attacks, most of which employ zero-day vulnerabilities or require no user interaction at all," the cybersecurity agency said.
"Receiving a notification means that at least one of the devices linked to the iCloud account has been targeted and is potentially compromised."
While CERT-FR didn't share more information on what prompted these alerts, last month Apple released emergency updates to patch a zero-day flaw (CVE-2025-43300) that was chained with a WhatsApp zero-click vulnerability (CVE-2025-55177) in what the company described as an "extremely sophisticated attack."
In a threat notification sent to potentially impacted individuals at the time, WhatsApp urged them to reset their devices to factory settings and to keep their devices' operating systems and software up to date.
Apple also advises users who were targeted by mercenary spyware attacks to enable Lockdown Mode and request rapid-response emergency security assistance through Access Now's Digital Security Helpline.
"Since 2021, we have sent Apple threat notifications multiple times a year as we have detected these attacks, and to date we have notified users in over 150 countries in total," Apple says. "Apple does not attribute the attacks or resulting threat notifications to any specific attackers or geographical regions."
An Apple spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.
