Mercenary spyware threat prompts Apple to issue urgent warning to reset iPhones


Apple has issued a high-priority security advisory for iPhone users around the world, warning about the circulation of mercenary spyware attacks. The technology company has identified active campaigns that exploit vulnerabilities in older versions of the operating system, putting the privacy and data of millions of people at risk.

Given the seriousness of the situation, the main and immediate recommendation is that all users completely restart their devices. This simple but effective action is seen as a crucial measure to stop the activity of malware that operates exclusively in the device’s memory, in addition to being a preparatory step for installing security updates.

The sophistication of these threats lies in their ability to infect without any user interaction, through exploits known as “zero-click”. The company’s main guidance is to combine the immediate restart with the update to the latest version of iOS, which contains the necessary fixes to permanently block these security holes.


What characterizes mercenary spyware

Unlike common viruses that seek mass financial gain, mercenary spyware represents the pinnacle of digital surveillance. Developed by private companies specializing in offensive cybersecurity, such as the notorious NSO Group, creator of Pegasus, this type of software is sold for millions of dollars to government agencies and state entities. The objective is not to steal banking data, but rather to carry out complete and continuous surveillance on high-interest individuals, such as journalists, human rights activists, political dissidents and executives of large corporations.

The main technical feature of these attacks is the use of “zero-day” vulnerabilities and “zero-click” infection vectors. A “zero-day” flaw is a security hole unknown to the software manufacturer, meaning there is no fix available. The “zero-click” method allows the infection to occur without the victim having to click on a link, download an attachment or take any action. Spyware delivery can happen completely invisibly, through a simple message received on iMessage or another communication application, making detection and prevention extremely difficult for the average user.


The effectiveness of restart as a defensive measure

The recommendation to restart your iPhone may seem basic, but its effectiveness against advanced malware is rooted in the architecture of modern computers. Much sophisticated spyware is designed to be “non-persistent,” meaning that it resides exclusively in the device’s RAM, a volatile storage area. RAM needs constant power to retain information; when the device is turned off completely, power is cut and all RAM contents, including malicious software, are erased. This simple action breaks the spyware’s connection to its command and control servers, forcing the attacker to try a new infection, a process that is expensive, complex and increases the risk of detection. Although a restart does not remove persistent malware that installs itself in the device’s internal storage, it works as a powerful “digital hygiene” tool that disrupts the operation of threats that prioritize stealth over persistence, and it is a practice validated by global security agencies.

Correct procedure to restart iPhone

To ensure that the restart is effective, it is essential to use the physical buttons on the device. This approach ensures a complete hardware shutdown, preventing sophisticated malware from simulating a software restart while remaining active in the background.

The standard method for most recent iPhone models involves simultaneously pressing and holding the side button and one of the volume buttons. After a few seconds, the “power off” slider will appear on the screen. After dragging it, the user must wait about 30 seconds for the device to turn off completely before pressing the side button again to turn it on.

In situations where the screen is unresponsive, Apple recommends a forced restart. To do this, the user must quickly press and release the volume up button, then quickly press and release the volume down button and, finally, keep the side button pressed until the Apple logo appears on the screen, indicating that the restart process has started.

The importance of updating the operating system

Restarting the device is an immediate containment measure, but the definitive and most robust solution against known vulnerabilities is to keep the operating system up to date. Each new version of iOS released by Apple contains a package of security fixes that close the loopholes exploited by spyware developers.

Security updates are the result of ongoing work by Apple engineers, who investigate and fix security flaws reported by researchers around the world. By postponing these updates, users keep their devices exposed to risks that have already been neutralized by the company.

A significant number of users choose not to update their devices immediately, whether due to lack of space, fear of performance issues or simply lack of knowledge. This practice creates a vast attack surface for cybercriminals, who take advantage of already fixed flaws to target unprotected devices.

To ensure maximum protection, it is highly recommended to enable automatic updates. This option can be found under “Settings”, then “General”, then “Software Update”. With this feature enabled, your iPhone will install the latest security fixes automatically, usually overnight, when the device is charging and connected to Wi-Fi.

Guidance from cybersecurity agencies

Apple’s recommendation is not an isolated case and is in line with guidelines from important government cybersecurity agencies. ANSSI, France’s national information security agency, for example, publicly advises citizens to restart their smartphones at least once a week as a fundamental security practice.

In the United States, the National Security Agency (NSA) has also issued similar statements in the past, highlighting that periodic reboots can frustrate malware operations and make data collection difficult for malicious actors. The convergence of these recommendations from such different sources reinforces the validity and importance of this simple measure for users of all profiles.

Activating Lockdown Mode for Maximum Protection

For users who, due to their profession or position, believe they are at high risk of being targeted by mercenary spyware attacks, Apple has developed an extreme protection tool: Lockdown Mode. This optional feature provides an additional level of security by drastically limiting device functionality to reduce the attack surface.

When enabled, Lockdown Mode severely restricts applications, websites, and resources. For example, most types of attachments in messages are blocked, complex web technologies are disabled, and FaceTime calls from strangers are barred. Apple states that, to date, there is no evidence that a spyware attack has managed to compromise an iPhone with this mode activated.

Threat notifications from Apple

Since 2021, Apple has implemented a proactive system to directly alert users it believes have been specifically targeted by state-sponsored attacks. These threat notifications are sent via email and iMessage to the address associated with the user’s Apple ID and also display a prominent alert at the top of the appleid.apple.com login page. This initiative aims to provide direct warning to those most at risk, enabling them to take immediate action to protect their information and devices.