Mitigate mercenary spyware attacks for iPhone with Jamf Executive Threat Protection

On April 10, 2024, Apple issued a threat notification to iPhone users across 92 countries warning of a potential mercenary spyware attack, according to TechCrunch.

"Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-

This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning — please take it seriously."

Apple has been alerting targeted iPhone users with these threat notifications since 2021. Late last year, Apple sent threat notifications to several Indian lawmakers that their iPhones were targets of state-sponsored attacks.

The first important step that any organization can take is implementing a mobile security strategy across all endpoints. Mobile Threat Defense (MTD) solutions typically include important security capabilities that include app security, web threat protection, phishing protection, category-based content filtering and mobile endpoint telemetry.

Unfortunately, most MTD solutions are unable to detect or prevent these advanced and highly-targeted exploits. For an organization’s most sensitive users, additional layers of security are recommended.

In 2022, Apple introduced Lockdown Mode with iOS 16, which is a preventative measure that reduces the device’s attack surface that could potentially be exploited. Lockdown Mode can be enabled by users that desire an extra layer of security; however it is not designed to identify compromise. Similarly, it cannot remediate a device that has already been compromised. Jamf Threat Labs recently demonstrated how attackers could potentially tamper with Lockdown Mode on a compromised devices that may create a false sense of security.

If you believe you may have an iPhone user that was targeted by these mercenary spyware attacks, Jamf can help. Jamf Executive Threat Protection is an advanced detection and response solution for iPhone and Android that is designed to detect the most sophisticated attacks targeting mobile users. By analyzing a variety of data from mobile devices, Jamf is able to identify indicators of compromise that result from mercenary spyware attacks. This allows organizations to identify compromised devices in minutes and take appropriate actions for remediation to mitigate the risk associated with an impacted device.