.png){kind=logo}
Apple recently sent spyware alerts to a dozen iPhone users, both in Iran and abroad. These alerts started informing users that their devices had been targeted by advanced spyware associated with state-sponsored actors.
The attacks reportedly took place as tensions escalated between Iran and Israel in early 2025. This warning represents a significant increase in government surveillance. Among the victims are political dissidents within Iran and an Iranian national residing in Europe.
Cybersecurity experts believe that the iPhone spyware uses zero-day, zero-click exploits. These allow attackers to gain full access without requiring the user to click anything. Apple described the malware as “exceptionally rare” and “costing millions of dollars to develop.”
Hamid Kashfi, a Sweden-based cybersecurity researcher investigating the case, identified 12 additional victims within Iran. These individuals were working in the technology sector with some form of government affiliation.
He noted that “pretty much all of the victims spooked out and ghosted us as soon as we explained the seriousness of the case,” emphasizing the fear surrounding the threats. Some victims inside Iran even submitted their phones to local authorities rather than seeking independent analysis.
Since 2021, Apple has rolled out its threat notification system in over 150 countries. These alerts primarily serve to protect end-users from attacks by government-sponsored malware and espionage. Other than these alerts,
Apple recommends enabling Lockdown Mode and consulting digital security helplines for additional protection.
Apple Iran Alert is highlighting a troubling trend in cyber warfare. As spyware becomes more advanced, its usage against civil society and professionals is on the rise.
While the recent Apple security update is commendable, most users lack the resources and knowledge to protect themselves adequately. This situation highlights the need for heightened global awareness, enhanced digital protections, and accountability for those who perpetrate such attacks.
