Comment from Boris Larin, Principal Security Researcher at Kaspersky’s GReAT

Apple notified some of its users worldwide, warning them of potential mercenary spyware attacks. It's important to understand that these cyberattacks are highly targeted, aimed at specific individuals. Such attacks require substantial resources and advanced technical expertise. Simply put, if you're targeted by such an actor, it's not a matter of "if" but "when" you'll be infected.

If users suspect they might be of interest to attackers, Kaspersky experts recommend daily reboots: this can help clean the device, forcing attackers to repeatedly reinfect, thereby increasing the chances of detection over time. Additionally, Apple's newly introduced Lockdown Mode has proven effective in blocking iOS malware infections. Disabling iMessage and FaceTime features also reduces the risk of falling victim to zero-click exploits.

It’s crucial to keep in mind that while iPhones have robust security features, they are not completely immune to attacks as malicious actors continually refine their techniques. Additionally, the closed nature of iOS limits contributions from the broader cybersecurity community, making it challenging to develop full-scale security solutions that complement Apple’s built-in protections.

Lastly, it's essential to regularly check backups and sysdiagnose log files. It was proven with Pegasus and the previously reported Operation Triangulation attacks that infections leave traces in the system log, Shutdown.log, stored within any mobile iOS device's sysdiagnose log files. Earlier this year, our team introduced a lightweight method to detect indicators of infection from sophisticated iOS spyware like Pegasus, Reign, and Predator by analysing Shutdown.log, a previously unexplored forensic artefact.