Apple Reports No Known Successful Mercenary Spyware Attacks On Lockdown Mode Devices

Apple’s latest public update on Lockdown Mode marks the most consequential new development in the spyware narrative: the company says there have been no known successful mercenary spyware attacks against devices with Lockdown Mode enabled.

“iPhone security has been in the news this month as Apple patches known exploits”

9to5Mac

This claim reframes the threat, suggesting Lockdown Mode functions as more than a defensive option in the zero-click era.

9to5Mac

Amnesty International and Citizen Lab researchers have documented spyware attacks on iPhones, but public cases do not show a bypass of Lockdown Mode when the feature is active.

Lockdown Mode isn’t cosmetic; Apple describes a sharpened attack surface that blocks most message attachments, disables certain complex web technologies, and prevents devices from automatically joining non-secure Wi‑Fi networks, among other limits.

When activated, it disables 2G/3G cellular support on iPhone and iPad and dramatically reduces features that are commonly exploited by mercenary spyware.

MacRumors

These changes shrink the attack surface, and security researchers have described Lockdown Mode in stark, fortress-like terms.

Despite Apple's public claim, the landscape remains nuanced: Amnesty International and Citizen Lab researchers have documented spyware attacks on iPhone users, but those analyses consistently show no bypass of Lockdown Mode in the instances that have been publicly described.

“Apple says it has no record of a successful spyware attack against any device running Lockdown Mode, the opt-in security feature it introduced in 2022”

MacRumors

Google researchers reportedly found that certain spyware would abort infection if Lockdown Mode was detected, suggesting attackers face a conditional barrier rather than a guaranteed one.

Some outlets highlight that Lockdown Mode blocks or thwarts attacks on two documented cases: Pegasus and Predator.

The new development may influence how journalists and other high-risk users assess risk and decide whether to enable Lockdown Mode, particularly as security patches reach older devices and as leaked tooling targets older iOS versions.

Patches for outdated iOS versions are being pushed, and Lockdown Mode provides a protective option for those who cannot or will not update immediately.

The Tech Buzz

However, the cost is usability: Lockdown Mode is a high-friction setting that blocks attachments, disables some web technologies, and alters routine connectivity, meaning users must weigh personal risk against practical use.

Taken together, the statements from Apple and researchers imply Lockdown Mode raises the bar for targeted attackers, even as underground markets circulate exploits for older software.