Apple said it has not identified any successful cases of government-grade spyware compromising devices with Lockdown Mode enabled, nearly four years after introducing the security feature.
An Apple spokesperson, Sarah O’Rourke, told TechCrunch that the company is not aware of any successful mercenary spyware attacks against devices running with Lockdown Mode active. The statement follows a similar claim made by Apple roughly one year after the feature’s launch in 2022.
Lockdown Mode And Its Security Design
Apple introduced Lockdown Mode as an optional security setting designed to protect users at higher risk of targeted attacks, particularly those involving government spyware. The feature disables or restricts functions commonly exploited in attacks, including certain message attachments and web technologies.
Lockdown Mode was developed in response to threats from spyware vendors such as NSO Group, Intellexa, and Paragon Solutions. These firms have been associated with tools used to monitor individuals through device-level compromises.
Independent Research And Observations
External researchers report similar findings. Donncha Ó Cearbhaill, who leads the security lab at Amnesty International, said his team has not observed any successful spyware infections on iPhones where Lockdown Mode was enabled at the time of attack.
Investigations by Amnesty International and Citizen Lab have documented multiple spyware incidents affecting Apple users, but none have identified a bypass of Lockdown Mode. In some cases, researchers said the feature actively blocked attacks, including attempts involving Pegasus spyware from NSO Group and Predator spyware linked to Intellexa.
Researchers from Google have also reported that certain spyware tools may abandon attempts to infect devices when Lockdown Mode is detected, potentially to avoid exposure.
User Notifications And Visibility Into Attacks
Apple has increased its efforts to notify users who may have been targeted by spyware. The company has issued alerts to individuals in more than 150 countries, though it has not disclosed the total number of notifications sent. These alerts indicate a broader visibility into attempted attacks, even when compromises are not confirmed.
The company has acknowledged in recent years that its devices can be targeted, while expanding its response measures and communication with affected users.
Security Impact And Limitations
Cybersecurity researcher Patrick Wardle described Lockdown Mode as one of the most restrictive security features available to consumers. He said the feature reduces the number of potential attack methods by limiting access to system components often used in exploits.
Wardle noted that Lockdown Mode reduces exposure to zero-click attacks, which can target devices without user interaction, by restricting features such as WebKit and blocking most message attachment types.
While Apple and independent researchers report no confirmed breaches, it remains possible that undetected attacks could exist. Apple has not provided detailed metrics on attempted or blocked attacks, and the company continues to maintain limited public disclosure on internal security findings.
Featured image credits: Freerange Stock
For more stories like it, click the +Follow button at the top of this page to follow us.