Apple has alerted iPhone users in India and 98 other countries about the heightened risk of mercenary spyware attacks. This move follows previous warnings issued by the Cupertino tech giant regarding state-sponsored cyber threats. The notifications, updated in April this year, mark a significant shift in Apple's approach to cybersecurity alerts, moving away from solely identifying state-sponsored activities to encompassing broader threats from mercenary spyware.


What Did Apple's Message Say?


The notification from Apple read, "Mercenary spyware attacks, such as those using Pegasus from the NSO Group, are exceptionally rare and vastly more sophisticated than regular cybercriminal activity or consumer malware." The attacks could "cost millions of dollars and are individually deployed against a very small number of people, but the targeting is ongoing and global," Apple added.


ALSO READ: What To Do If You Get Apple Alert On 'State-Sponsored' Attack


Change In Notifications


Earlier in October 2023, Apple had raised similar concerns among users in multiple countries, including India, regarding state-sponsored cyber intrusions, using the label "state-sponsored" attack. 


However, in April this year, Apple updated its security notifications protocol, indicating a notable change in the way it reports and assists its users against malicious cyber activities. It switched to "mercenary spyware attack" as the label. 


This classification is a response to the increasing sophistication and global scope of cyber threats, particularly those involving tools like Pegasus, developed by the NSO Group.


According to Apple, these mercenary spyware attacks are rare but highly sophisticated, targeting a very small number of individuals with potentially severe consequences. The company emphasised that such attacks could cost millions of dollars and are part of ongoing global targeting efforts.


In response to these notifications, Apple engaged in discussions with Indian officials to address concerns and enhance user protections against cyber threats. These dialogues underscore Apple's commitment to navigating the complex dynamics between corporate responsibility and governmental expectations.


Earlier this year, the Indian Computer Emergency Response Team (CERT-In) identified vulnerabilities in Apple's iOS, particularly in Safari web browser versions before 17.4.1, highlighting potential risks of remote code execution on targeted devices. This further underscores the critical need for users to update their systems promptly to mitigate these security risks.