Trash headline from TechCrunch; the exact statement from Apple was:
> We are not aware of any successful mercenary spyware attacks against a Lockdown Mode-enabled Apple device.
everdrive 1 days ago [-]
Good call-out, and it's also nice to see that Apple tried to speak accurately here.
sgbeal 1 days ago [-]
> nice to see that Apple tried to speak accurately here.
The key word being "mercenary", which does not rule out first-party spyware.
stephbook 1 days ago [-]
So in essence they
- can give away your data for free
- get hacked by nation-state such as Iran
- get hacked by mercenary spyware and not notice
and their statement would still be correct. Now that's an awful lot of qualifiers. Plus that's just what they say.
jmalicki 1 days ago [-]
Mercenary also excludes people do it for funsies and not getting paid.
mulmen 23 hours ago [-]
Does it also exclude researchers?
calciphus 14 hours ago [-]
Only if they keep refusing to pay bug bounties!
Veserv 1 days ago [-]
Oh geez. Legal did not give them the go ahead to make the unqualified statement: “We are not aware of any successful spyware attacks” they had to explicitly qualify it with “mercenary”.
varispeed 1 days ago [-]
There are more weasel words "we are not aware" - means they actually don't know if such attack was successful, "successful" - what is the definition of success? Maybe attackers got access, but didn't find anything interesting?
Apple is digging itself into a hole.
scottyah 1 days ago [-]
I think you are, the words make perfect sense. They know of a lot of attack attempts, and so far they have no reason to believe any were successful. Success can mean a lot of different things, why list it all out (were able to extract data, install malicious software, encrypt files with ransomware, delete any data, etc).
Veserv 1 days ago [-]
They have a legal department carefully directing what they say. In a court of law, their lawyers will successfully argue that they are beholden to only the precise letter of their statement. Are you arguing that their lawyers are incompetent and imprecise in their wording? If so, what evidence do you have that their lawyers are incompetent?
In light of the correct legal interpretation of their words, being only the specific letters, we can see that your interpretation is incorrect.
> They know of a lot of attack attempts
No, their statement says nothing about attack attempts.
> so far they have no reason to believe any were successful
No, their statement says nothing about their belief, only their explicit knowledge. Their statement says nothing about their investigation practices or whether they even attempted to investigate and learn about attacks. Their statement says nothing about non-mercenary attacks.
Their statement is technically correct as long as any successful attacks they know about are not explicitly known to be committed by mercenarys.
saghm 23 hours ago [-]
> No, their statement says nothing about attack attempts.
That's a good point. The best way not to know about any successful attacks is not to know about any of them. I also can definitively state that I'm not aware of any successful attacks, but for obvious reasons this is a basically meaningless statement. Without more data, it's not clear how meaningful the statement they gave is, and while it probably is more meaningful than mine, it doesn't make sense to jump from what they said to "there have definitively been no successful attacks" based on it.
scottyah 23 hours ago [-]
I'm just going to ignore your entire first paragraph that tries to use hostility to overcome a clear willful misunderstanding, or strong evidence of a recent stroke.
> No, their statement says nothing about attack attempts.
Exactly, they're keeping the statement brief and correct. They have sent multiple batches of notifications to users on previous attacks.
The statement is clear, covers their primary use case for the product, and I'm sure is legally sound. You're grasping at straws trying to think up ways they can be lying to you. I would be very surprised if you ever have used their lockdown mode with any actual cause.
Veserv 20 hours ago [-]
I am glad that you agree that their legal department’s explicit and intentional exclusion of known successful non-mercenary attacks is precise and legally sound.
It is advisable to not grasp at straws to think up ways that highly paid lawyers are not saying exactly the words they have approved. That is literally their job and they are good at it.
If they meant something more expansive they can do so. It is not the public’s job to do it for them while letting them retreat to the legally binding interpretation at their pleasure.
quantified 24 hours ago [-]
They can be perfectly aware of nation-state hacks. These are exactly the weasel qualifiers used by the NSA when they were claiming not to be watching the communications of US citizens. "No intercepts were made under program X" specifically sidesteps all the shady stuff under program Y.
varispeed 1 hours ago [-]
> no reason to believe any were successful.
They have very good reason to believe that - shareholders and public perception. Apple maintains image of their phone being secure and that is far from the truth. As long as general public don't know their phones have holes like Swiss cheese, the shareholders will be happy.
sally_glance 1 days ago [-]
How do you know their definition isn't only "received extortion letters" and "exfiltrate data" is fine as long as it didn't lead to the former?
NoMoreNicksLeft 1 days ago [-]
>"successful" - what is the definition of success?
At risk of stating the obvious, isn't success "hacked it and no one ever found out (at the time)"? By definition, Apple could probably only be aware of unsuccessful attacks. Though that's not guaranteed either, considering all the myriad failure modes that there must be.
Braxton1980 1 days ago [-]
Isn't that assumed? Obviously Apple can't check every iPhone owner to see if they have been hacked now or in the past
mulmen 1 days ago [-]
TechCrunch misrepresented Apple's statement.
calmbonsai 1 days ago [-]
Yep. It's business as usual for that rag.
steve1977 1 days ago [-]
No... they can't... obviously...
CGMthrowaway 1 days ago [-]
Related somewhat:
> On March 23, 2026, the Hong Kong government changed the implementing rules relating to the National Security Law. It is now a criminal offense to refuse to give the Hong Kong police the passwords or decryption assistance to access all personal electronic devices including cellphones and laptops. This legal change applies to everyone, including U.S. citizens, in Hong Kong, arriving or just transiting Hong Kong International Airport. In addition, the Hong Kong government also has more authority to take and keep any personal devices, as evidence, that they claim are linked to national security offenses.
Yeah, another country to add to the "never visit until a sane government appears" list... -.-
seethishat 1 days ago [-]
We knew 30 years ago that message attachments (mostly email at that time) were a huge security problem. All those binary file types to parse... what could go wrong ;)
It's good to see Apple's Lockdown mode having such success by simply disabling message attachments.
et-al 1 days ago [-]
One would hope there would be some sanitization of attachments to prevent this.
I also wish there was a regular option in iOS Messages to disable link previews.
halJordan 20 hours ago [-]
Apple (and Google fwiw) do in fact have impressive hardening around their parsers.
CharlesW 1 days ago [-]
I know you're not being serious, but for anyone who may not realize that, it does more than disabling attachments. Lockdown Mode's "optional, extreme" protection substantially changes the experience of using your device. https://support.apple.com/en-us/105120
TheDong 1 days ago [-]
I continue to find Lockdown mode frustratingly insulting. Just give me the individual options (too) darnit.
Like "No facetime and message attachments from strangers, no link previews, no device connections", yes, please, I don't want dickpics from strangers.
"No javascript JIT or shared photo albums" no, I actually do want to be able to see friend's albums, and also want my battery to last longer due to optimizing JS.
How hard is it to keep the Lockdown Mode toggle, but also add "no link previews, no facetime calls from strangers, never join insecure wifi networks automatically" as separate option toggles I can turn on if I just want those?
sdwr 24 hours ago [-]
Lockdown mode could be life or death for some users. Adding toggles and partial states increases complexity and risk.
TheDong 22 hours ago [-]
Okay, if it's that serious than apple should simply turn it on for everyone. Having toggles for Lockdown mode adds complexity and risk.
The number of users who currently know they need to toggle on lockdown, and would be confused by having toggles under it like "Disable JIT, Disable link previews", etc, is approximately 0.
The number of users who would turn on "disable link previews" and be more secure, but won't enable all of lockdown, is at least me, so that's more than 0. By that logic, it follows that splitting it out makes more users more secure, right?
Let me know where I'm wrong there. Do you legitimately think that there's risk of users knowing they need lockdown mode being unable to find it if there's additional settings added? I guess apple can't add any new settings anywhere.
Do you think that more settings means apple is more likely to introduce a bug that impacts security? I guess apple shouldn't be allowed to add any new settings anywhere.
exabrial 23 hours ago [-]
Perhaps it's time to acknowledge you probably don't know what another persons situation is. Instead of trying to tell them what to do, allow them to choose.
halJordan 20 hours ago [-]
No, lockdown mode isn't a feature for you to do random things. It's a feature to keep gays in Saudi Arabia alive. Non-Han Chinese alive in China. Journalists in Mexico alive.
If they have the option to turn off the life saving measure they will. Thats the way it goes. Bc we don't know which one is the life saving measures, and they depend on each other anyway
You guys are incredibly selfish and self centered to be acting this way
exabrial 18 hours ago [-]
I’m glad you know more any a person’s life than they do. Incredible
TheDong 19 hours ago [-]
The average Non-Han Chinese person doesn't know lockdown mode exists.
If you want to frame it as a life-saving feature, it should be on by default and impossible to turn off, or at the very least should be a required prompt during initial phone setup.
I'm asking for something that will make more people more secure, since I personally know plenty of people who want iMessage security, but for the web to still be functional (i.e. JIT to work).
> If they have the option to turn off the life saving measure they will
Then they'll just turn off all of lockdown mode, like they do now, to see a good friend's photo album. Great.
... I feel like we're talking past each other, and frankly with your tone of voice you're clearly not going to listen to anything anyone says on this, so there's not really any point in having this discussion at all.
il-b 1 days ago [-]
Would Lockdown Mode improve security in cases where the phone is physically connected to a malicious device, such as one from Cellebrite?
kikimora 12 hours ago [-]
I think this is the point of Lockdown Mode.
hmokiguess 1 days ago [-]
To the best of my knowledge I too am unaware of any one using Lockdown Mode-enabled Apple device.
namegulf 1 days ago [-]
It's also confusing.
Are we supposed to enable Lockdown mode always or only we enable manually when we think we're under attack?
According to instructions in settings, it is supposed to be enabled when under attack, isn't it too late already?
What are we missing...
Analemma_ 1 days ago [-]
You’re supposed to enable it if you’re important enough to potentially be the target of an attack. Political dissidents, journalists, government officials, HNWIs with a bunch of cryptocurrency and so on should probably have it on always.
You’re welcome to turn it on even if you’re not in one of these groups, just accept that it increases the friction of using your phone in a bunch of little ways.
daft_pink 1 days ago [-]
I wish I could use Lockdown Mode on my phone, but not on my iPad.
I find Lockdown Mode challenging, because you basically have to use it on every device you own in the Apple ecosystem to have it enabled.
tobyhinloopen 1 days ago [-]
how many users are using lockdown mode
avazhi 1 days ago [-]
I’ve been using it for more than a year.
Parts of it are pretty inconvenient, like with iMessage and FaceTime not working normally, but aside from that it’s not noticeable for my use case.
Despite the inconveniences, unless animated emmojis are important to you I don’t know why you wouldn’t enable it given how strong its protections are.
snailmailman 1 days ago [-]
Every day users? Probably not many. It forcibly disables lots of nice-to-have features.
But users who need a highly secure phone? It’s entirely possible to use the phone without media embeds in iMessage, or shared photo albums, or websites loading in 900 fonts. It’s a trade off likely worth making in some situations.
ectospheno 1 days ago [-]
You can make a shared photo album with family members. It’s everyone else that is problematic with the feature enabled. In my case I only want to share with my wife and son so it wasn’t a detractor for me.
1 days ago [-]
ectospheno 1 days ago [-]
I’ve used it on my personal iPhone since the feature was released. The impact to my life has been minor. I can’t share some thing with my wife in the health app and my son can’t SharePlay with me in the car while I use CarPlay.
tgv 1 days ago [-]
I turned it on, out of curiosity, and the impact is minimal, for me.
captn3m0 1 days ago [-]
I was using it till the 26 upgrade on my iOS 13 Mini. Became very sluggish and unusable that I had to disable it. It clearly isn't tested well.
JumpCrisscross 1 days ago [-]
I turn it on when I travel overseas, and have considered turning it on when I’m near border regions in America.
It’s mostly that I don’t want to be that guy that leaks my company’s secrets.
ya3r 1 days ago [-]
Are we aware of any attacks (or claims of attacks) against any previous version of the iPhone's Lockdown mode?
comboy 1 days ago [-]
*that we know of
criddell 1 days ago [-]
Which is exactly what they said:
> “We are not aware of any successful mercenary spyware attacks against a Lockdown Mode-enabled Apple device,” Apple spokesperson Sarah O’Rourke told TechCrunch on Friday.
ectospheno 1 days ago [-]
Which is infinitely better than the cases we know about without the feature enabled.
mulmen 1 days ago [-]
I don't see any bears around here. Bear patrol must be working like a charm.
MikeNotThePope 1 days ago [-]
Completely off topic. I went solo hiking in Azerbaijan in August of 2022, heading towards some hilltop castle thing I saw on Google Maps. Along the way I met some locals who invited me to join them. We got to the castle around midday and I was preparing to walk back to my car alone, and they all strongly advised against it. They said it was dangerous and invited me to go camping with them, which was pretty fun as they gave me my own tent, food, etc. While at the campground, one guy pulled out his phone to show me pictures of the local wildlife, including a big ol' brown bear. I was too stupid to think about what might eat me out in the woods alone, as I lacked the instinct to check for man-eating predators having grown up in an area where I didn't need to worry about such things.
Anyway, now I think about bears before solo hiking.
wat10000 1 days ago [-]
This is a case where bear attacks have happened, and this specific audience includes some rather delicious salmon. If salmon stop getting eaten by bears after the bear patrol is started, it's more reasonable to make that connection.
kakacik 1 days ago [-]
"with spyware" - a small addition. What about state actors, what about (semi)private israeli companies selling their solutions happily to all regimes regardless of consequences, what about any other kinds of hacks? As an european, by far the biggest threat to me are US state actors.
It would be such a good PR if they could just claim nobody has been hacked, period but I don't see that anywhere.
resfirestar 22 hours ago [-]
As I understand it, "mercenary spyware" is Apple's preferred euphemism for the "(semi)private israeli companies selling their solutions happily to all regimes regardless of consequences"
pdpi 1 days ago [-]
No amount of hardware/software hardening will save you if you delete "with spyware" and replace it with "with social engineering". If there have been cases of people being hacked through social engineering, it would be dishonest to make a blanket statement "nobody's been hacked", but it doesn't detract from the effectiveness of the technical measures.
You won't see that anywhere without their usual procedure of redefining the problem definition.
Sorry but you still need to be wary of state actors and the handing over of data to authorities, which is a far simpler approach than breaking security boundaries. The hacking statement is pure marketing.
danaris 1 days ago [-]
This is overly reductive, black-and-white thinking.
Yes, it is impossible to be 100% ironclad secure from all possible methods of either digitally surveilling you or exfiltrating your data.
This does not mean that measures like those in the iPhone's Lockdown Mode are not genuinely helpful to a subset of the population that is at high risk for certain types of attacks.
fred_is_fred 1 days ago [-]
A state actor will just kidnap your kids or throw your wife out a window.
pdpi 1 days ago [-]
A state actor will do those things if they're willing to be overt about their actions. Many aren't, both for the sake of preserving their image, and due to tactical concerns (e.g. you don't want to kill the golden goose).
chuckadams 1 days ago [-]
The point of spyware is that the target isn't aware of it.
indistinction 1 days ago [-]
[dead]
varispeed 1 days ago [-]
And how do they know if they for decade apparently didn't know iOS was compromised?
Apple needs to get their shit together and stop gaslighting people.
> We are not aware of any successful mercenary spyware attacks against a Lockdown Mode-enabled Apple device.
The key word being "mercenary", which does not rule out first-party spyware.
- can give away your data for free - get hacked by nation-state such as Iran - get hacked by mercenary spyware and not notice
and their statement would still be correct. Now that's an awful lot of qualifiers. Plus that's just what they say.
Apple is digging itself into a hole.
In light of the correct legal interpretation of their words, being only the specific letters, we can see that your interpretation is incorrect.
> They know of a lot of attack attempts
No, their statement says nothing about attack attempts.
> so far they have no reason to believe any were successful
No, their statement says nothing about their belief, only their explicit knowledge. Their statement says nothing about their investigation practices or whether they even attempted to investigate and learn about attacks. Their statement says nothing about non-mercenary attacks.
Their statement is technically correct as long as any successful attacks they know about are not explicitly known to be committed by mercenarys.
That's a good point. The best way not to know about any successful attacks is not to know about any of them. I also can definitively state that I'm not aware of any successful attacks, but for obvious reasons this is a basically meaningless statement. Without more data, it's not clear how meaningful the statement they gave is, and while it probably is more meaningful than mine, it doesn't make sense to jump from what they said to "there have definitively been no successful attacks" based on it.
> No, their statement says nothing about attack attempts.
Exactly, they're keeping the statement brief and correct. They have sent multiple batches of notifications to users on previous attacks.
The statement is clear, covers their primary use case for the product, and I'm sure is legally sound. You're grasping at straws trying to think up ways they can be lying to you. I would be very surprised if you ever have used their lockdown mode with any actual cause.
It is advisable to not grasp at straws to think up ways that highly paid lawyers are not saying exactly the words they have approved. That is literally their job and they are good at it.
If they meant something more expansive they can do so. It is not the public’s job to do it for them while letting them retreat to the legally binding interpretation at their pleasure.
They have very good reason to believe that - shareholders and public perception. Apple maintains image of their phone being secure and that is far from the truth. As long as general public don't know their phones have holes like Swiss cheese, the shareholders will be happy.
At risk of stating the obvious, isn't success "hacked it and no one ever found out (at the time)"? By definition, Apple could probably only be aware of unsuccessful attacks. Though that's not guaranteed either, considering all the myriad failure modes that there must be.
> On March 23, 2026, the Hong Kong government changed the implementing rules relating to the National Security Law. It is now a criminal offense to refuse to give the Hong Kong police the passwords or decryption assistance to access all personal electronic devices including cellphones and laptops. This legal change applies to everyone, including U.S. citizens, in Hong Kong, arriving or just transiting Hong Kong International Airport. In addition, the Hong Kong government also has more authority to take and keep any personal devices, as evidence, that they claim are linked to national security offenses.
https://hk.usconsulate.gov/security-alert-2026032601/
It's good to see Apple's Lockdown mode having such success by simply disabling message attachments.
I also wish there was a regular option in iOS Messages to disable link previews.
Like "No facetime and message attachments from strangers, no link previews, no device connections", yes, please, I don't want dickpics from strangers.
"No javascript JIT or shared photo albums" no, I actually do want to be able to see friend's albums, and also want my battery to last longer due to optimizing JS.
How hard is it to keep the Lockdown Mode toggle, but also add "no link previews, no facetime calls from strangers, never join insecure wifi networks automatically" as separate option toggles I can turn on if I just want those?
The number of users who currently know they need to toggle on lockdown, and would be confused by having toggles under it like "Disable JIT, Disable link previews", etc, is approximately 0.
The number of users who would turn on "disable link previews" and be more secure, but won't enable all of lockdown, is at least me, so that's more than 0. By that logic, it follows that splitting it out makes more users more secure, right?
Let me know where I'm wrong there. Do you legitimately think that there's risk of users knowing they need lockdown mode being unable to find it if there's additional settings added? I guess apple can't add any new settings anywhere.
Do you think that more settings means apple is more likely to introduce a bug that impacts security? I guess apple shouldn't be allowed to add any new settings anywhere.
If they have the option to turn off the life saving measure they will. Thats the way it goes. Bc we don't know which one is the life saving measures, and they depend on each other anyway
You guys are incredibly selfish and self centered to be acting this way
If you want to frame it as a life-saving feature, it should be on by default and impossible to turn off, or at the very least should be a required prompt during initial phone setup.
I'm asking for something that will make more people more secure, since I personally know plenty of people who want iMessage security, but for the web to still be functional (i.e. JIT to work).
> If they have the option to turn off the life saving measure they will
Then they'll just turn off all of lockdown mode, like they do now, to see a good friend's photo album. Great.
... I feel like we're talking past each other, and frankly with your tone of voice you're clearly not going to listen to anything anyone says on this, so there's not really any point in having this discussion at all.
Are we supposed to enable Lockdown mode always or only we enable manually when we think we're under attack?
According to instructions in settings, it is supposed to be enabled when under attack, isn't it too late already?
What are we missing...
You’re welcome to turn it on even if you’re not in one of these groups, just accept that it increases the friction of using your phone in a bunch of little ways.
I find Lockdown Mode challenging, because you basically have to use it on every device you own in the Apple ecosystem to have it enabled.
Parts of it are pretty inconvenient, like with iMessage and FaceTime not working normally, but aside from that it’s not noticeable for my use case.
Despite the inconveniences, unless animated emmojis are important to you I don’t know why you wouldn’t enable it given how strong its protections are.
But users who need a highly secure phone? It’s entirely possible to use the phone without media embeds in iMessage, or shared photo albums, or websites loading in 900 fonts. It’s a trade off likely worth making in some situations.
It’s mostly that I don’t want to be that guy that leaks my company’s secrets.
> “We are not aware of any successful mercenary spyware attacks against a Lockdown Mode-enabled Apple device,” Apple spokesperson Sarah O’Rourke told TechCrunch on Friday.
Anyway, now I think about bears before solo hiking.
It would be such a good PR if they could just claim nobody has been hacked, period but I don't see that anywhere.
Sorry but you still need to be wary of state actors and the handing over of data to authorities, which is a far simpler approach than breaking security boundaries. The hacking statement is pure marketing.
Yes, it is impossible to be 100% ironclad secure from all possible methods of either digitally surveilling you or exfiltrating your data.
This does not mean that measures like those in the iPhone's Lockdown Mode are not genuinely helpful to a subset of the population that is at high risk for certain types of attacks.
Apple needs to get their shit together and stop gaslighting people.