Apple in early September sent a fresh wave of threat notifications to French users it believes might have been targeted by commercial spyware.
This is at least the fourth time the Cupertino-based tech giant has notified users in France of potential mercenary spyware attacks, according to an alert from the French national Computer Emergency Response Team (CERT-FR).
“This alert records all waves of notifications sent by Apple and known to CERT-FR since March 5, 2025. The list of notification campaigns referenced here is therefore not exhaustive: it only includes the campaigns known to CERT-FR,” the agency notes.
This year, Apple users in France received threat notifications in March, April, June, and September, but the company has been sending these notices since 2021.
The notifications are only delivered to a small number of users who might have been targeted by commercial spyware because of their identity or activities. Most users are never targeted by such attacks.
“These attacks are much more complex than the usual cybercrime activities and as consumer malware, because people who carry out such attacks use exceptional resources to specifically target a very small number of people and their devices. Attacks through mercenary spyware cost millions of dollars,” Apple notes in its description of the threat notifications.
Some of the known commercial spyware families out there include Pegasus, Predator, Graphite, and Triangulation, and have been observed targeting activists, journalists, politicians, senior officials, and other individuals in strategic positions.
“The receipt of a notification means that at least one of the devices linked to the iCloud account has been targeted and would be potentially compromised,” CERT-FR explains.
The agency also points out that a threat notice may come months after the individual was targeted, underlining that people who receive them should take immediate action to secure their accounts and devices.
“The notifications sent indicate highly sophisticated attacks employing for most day-zero vulnerabilities, or even requiring no user interaction,” CERT-FR says.
The agency encourages individuals to keep the notification if they receive one, to avoid making changes to their software or devices – to preserve forensic evidence – and to contact CERT-FR for technical assistance.
The news comes just days after Apple announced that its new iPhone 17 and iPhone Air models include a novel memory protection feature designed to safeguard devices against sophisticated spyware attacks.
Related: Chinese Spies Impersonated US Lawmaker to Deliver Malware to Trade Groups: Report
Related: FreeType Zero-Day Found by Meta Exploited in Paragon Spyware Attacks
Related: Palestinian Lawyer Sues Pegasus Spyware Maker in France
Related: Rights Group Says Lebanese Staffer Targeted With NSO Spyware
