Apple on Wednesday revised documentation for its mercenary spyware threat notification system to mention that it alerts users when they may have been individually targeted by such attacks.
He also specifically called out companies like NSO Group for developing commercial surveillance tools like Pegasus that are used by state actors to carry out “individually targeted attacks of such exceptional cost and complexity.”
“Although used against a very small number of individuals, often journalists, activists, politicians and diplomats, mercenary spyware attacks are ongoing and global,” Apple said.
“The extreme cost, sophistication and worldwide nature of mercenary spyware attacks make them some of the most advanced digital threats in existence today.”
The update marks a change in wording that previously stated that these “threat notifications” are designed to inform and assist users who may have been targeted by state-sponsored attackers.
According to TechCrunch, Apple would send threat notifications to iPhone users in 92 countries at 12pm PST on Wednesday to coincide with the support page overhaul.
It’s worth noting that Apple has begun sending threat notifications to alert users it believes have been targeted by state-sponsored attackers starting in November 2021.
However, the company is also keen to stress that it does not “attribute attacks or resulting threat notifications” to any particular threat actor or geographic region.
The development comes amid ongoing efforts by governments around the world to counter the misuse and proliferation of commercial spyware.
Last month, the US government said Finland, Germany, Ireland, Japan, Poland and South Korea had joined an inaugural group of 11 countries working to develop safeguards against the abuse of surveillance technology invasive.
“Commercial spyware has been misused around the world by authoritarian regimes and in democracies […] without adequate legal authorization, safeguards or supervision,” the governments said in a joint statement.
“The improper use of these tools presents significant and growing risks to our national security, including the security of our government personnel, information and information systems.”
According to a recent report published by Google’s Threat Analysis Group (TAG) and Mandiant, vendors of commercial surveillance systems were behind the wild exploitation of a portion of the 97 zero-day vulnerabilities discovered in 2023.
All of the vulnerabilities attributed to spyware companies have targeted web browsers – particularly flaws in third-party libraries that affect more than one browser and substantially increase the attack surface – and mobile devices running Android and iOS.
“Private sector companies have been involved in the discovery and sale of exploits for many years, but in recent years we have observed a notable increase in exploitation driven by these actors,” the tech giant said.
“Threat actors are increasingly exploiting zero-days, often for the purposes of evasion and persistence, and we don’t expect this activity to abate anytime soon.”
Google also said that increased investments in security to mitigate exploits are impacting the types of vulnerabilities that threat actors can weaponize in their attacks, forcing them to bypass several security guardrails (e.g., Lockdown Mode and MiraclePtr) to infiltrate target devices.