Apple claims it blocked a load of new NSO spyware

News
By published

Lockdown Mode has actually prevented a spyware attack in the wild

The Apple logo with a colorful background
(Image credit: Apple)

Apple's recently released Lockdown Mode privacy tool has apparently being working well in real world scenarios, with the company revealing it recently stopped a major threat against vulnerable targets.

Useful for iPhone users who are high-level targets, such as journalists and human rights activists, Apple's Lockdown Mode has been found by researchers to have helped block attacks from the notorious Israeli cyber-intelligence firm, the NSO Group, using its Pegasus spyware.

The Citizen Lab, based at the University of Toronto, yesterday published its report where it analyzed three zero-day exploits - i.e. ones that Apple were unaware of - affecting iOS 15 and 16 systems that were used by the NSO Group to target Mexican human rights campaigners, among potential others. 

Last line of defense

Thankfully, however, Lockdown Mode came to the rescue, blocking one of the exploits used, according to the researchers, becoming the first documented case of the feature preventing an attack.

read more

> How to get rid of spyware forever

> Apple sues NSO Group over spyware claims

> UK government reportedly hit by Pegasus spyware

Revelaed in July 2022, Lockdown Mode works by reducing the amount of exposed system code to an attack. The researchers also said that when the targets' phones blocked the attack, they received a notification saying that Lockdown Mode had prevented unauthorized access to the Home app. 

The researchers noted, however, that it may be quite easy for hackers to determine who has and who hasn't got Lockdown Mode turned on, thus helping them to launch more successful attacks. Despite this, they were still buoyed by the fact that the feature worked.

“The fact that Lockdown Mode seems to have thwarted, and even notified targets of a real-world zero-click attack shows that it is a powerful mitigation, and is a cause for great optimism," Bill Marczak, a senior researcher at Citizen Lab, told TechCrunch.

Marczak did add a further caution, however, noting: “As with any optional feature, the devil is always in the details. How many people will opt to turn on Lockdown Mode? Will attackers simply move away from exploiting Apple apps and target third-party apps, which are harder for Lockdown Mode to secure?”

Apple spokesperson Scott Radcliffe said in a statement: “We are pleased to see that Lockdown Mode disrupted this sophisticated attack and alerted users immediately, even before the specific threat was known to Apple and security researchers. Our security teams around the world will continue to work tirelessly to advance Lockdown Mode and strengthen the security and privacy protections in iOS.”

On the other side, in a statement from the NSO Group, spokesperson Liron Bruck said: “Citizen Lab has repeatedly produced reports that are unable to determine the technology in use and they refuse to share their underlying data. NSO adheres to strict regulation and its technology is used by its governmental customers to fight terror and crime around the world.” 

Lewis Maddison
Lewis Maddison
Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.

Read more
WhatsApp China VPN
Paragon spyware campaign targeting journalists disrupted by WhatsApp
Actalis SSL encryption
Apple is right not to bow down to the UK government's encryption backdoor request - but users should still be angry
Spyware
Government-linked Italian spyware maker caught distributing malicious Android apps
Trojan
WhatsApp patches security flaw which let hackers install spyware
An iPhone with a 10:30am alarm ringing next to an Apple Watch that displays the time as 12:42pm
Apple warns "extremely sophisticated attack" hits iPhones and iPads, so update now
A hand holding an iPhone with the iCloud logo on screen.
UK's Apple iCloud backdoor "jeopardizes the security and privacy of millions," warn experts
Latest in Security
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Google Chrome
Google Chrome security flaw could have let hackers spy on all your online habits
Latest in News
Garmin clippd integration
Garmin's golf watches just got a big software integration upgrade to help you improve your game
Robert Downey Jr reveals himself as Doctor Doom to a delighted crowd at San Diego Comic-Con 2024
Marvel is currently making a major announcement about Avengers: Doomsday's cast on YouTube, and I think it's going to be a long-winded reveal
Samsung QN90F on yellow background
Samsung announces US prices for its 2025 mini-LED TV lineup, and it’s good and bad news
Nintendo Switch Lite
Forget the Nintendo Switch 2, the original Switch is getting one last hurrah in a surprise Nintendo Direct tomorrow
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
Samsung Galaxy S25 Edge colors seemingly revealed in new video, and there’s another sign of an imminent launch
Microsoft Copiot Studio deep reasoning and agent flows
Microsoft reveals OpenAI-powered Copilot AI agents to bosot your work research and data analysis
More about security
Representational image depecting cybersecurity protection

Third-party security issues could be the biggest threat facing your business
Android Logo

Devious new Android malware uses a Microsoft tool to avoid being spotted
Samsung QN90F on yellow background

Samsung announces US prices for its 2025 mini-LED TV lineup, and it’s good and bad news
See more latest
Most Popular
Samsung QN90F on yellow background
Samsung announces US prices for its 2025 mini-LED TV lineup, and it’s good and bad news
Microsoft Copiot Studio deep reasoning and agent flows
Microsoft reveals OpenAI-powered Copilot AI agents to bosot your work research and data analysis
Nissan 2026 line-up
Nissan is back to its bold best with new EV lineup that's led by a third-generation Leaf – and yes, it's an SUV
Nintendo Switch Lite
Forget the Nintendo Switch 2, the original Switch is getting one last hurrah in a surprise Nintendo Direct tomorrow
Image of Naoe in AC Shadows
Assassin's Creed Shadows best graphics settings for PS5, PS5 Pro, and Xbox Series X
Robert Downey Jr reveals himself as Doctor Doom to a delighted crowd at San Diego Comic-Con 2024
Marvel is currently making a major announcement about Avengers: Doomsday's cast on YouTube, and I think it's going to be a long-winded reveal
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
Promotional image for Malcolm in the Middle featuring the original cast playing golf
Malcolm in the Middle's Disney+ revival gets underway as the series finds its cast – here's which characters are returning
The Samsung Galaxy S25 Edge on display the January 22, 2025 Galaxy Unpacked event.
Samsung Galaxy S25 Edge colors seemingly revealed in new video, and there’s another sign of an imminent launch
Group of people meeting
Inflexible work policies are pushing tech workers to quit