IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Apple launching Lockdown Mode with iOS 16 to guard against Pegasus-style spyware

Apple breaks its bug bounty record with $2 million top prize, alongside $10 million grant funding, as it launches industry-first protections for highly targeted individuals

Apple has teased an upcoming security initiative for iPhone, iPad, and Mac users who believe they may be targeted of state-sponsored spyware campaigns in the mould of Pegasus, Predator, and Hermit.

Lockdown Mode, which is coming to iOS 16, iPad OS 16 and macOS Ventura in autumn, will implement stricter security measures on Apple devices to combat the exfiltration or monitoring of sensitive data flowing in and out of Apple hardware.

The feature will offer “extreme, optional protection for the very small number of users who face grave, targeted threats to their digital security”.

Embattled Israeli outfit NSO Group’s Pegasus spyware is perhaps the most infamous programme of this kind, having been found on the devices of numerous high-profile individuals over the past several years, including murdered Saudi journalist Jamal Khashoggi.

Despite being discovered years ago, and with Apple releasing security patches to prevent it infecting devices, Pegasus continues to infect individuals’ devices today. 

Reports from this year have indicated government officials in both the UK and El Salvador have been targeted, years after the first known Pegasus case was reported.

“While the vast majority of users will never be the victims of highly targeted cyberattacks, Apple will work tirelessly to protect the small number of users who are,” said Ivan Krstić, head of security engineering and architecture at Apple on Twitter. “I’m deeply proud of our next steps, including a groundbreaking feature: Lockdown Mode.”

Technical implementations

Apple calls Lockdown Mode a ‘first of its kind feature’ that'll offer a swathe of technical features to keep the digital lives of targeted individuals safe from state-sponsored spyware.

For messaging, Lockdown Mode will block most major attachment types, other than images, and block other features like link previews.

While Apple didn’t explicitly state the reason for this, the measure could have been implemented in relation to Pegasus previously being installed by exploiting a no-click vulnerability in Apple’s iMessage.

A number of “complex web technologies” involved in on-device web browsing will also be blocked, Apple said. Things like just-in-time (JIT) JavaScript compilation - a method of compiling code to make both execution and the overall experience faster - will be disabled unless a user whitelists a given website in Lockdown Mode’s settings, for example.

Incoming invitations and service requests such as FaceTime calls will be blocked for users who have never interacted with the initiator before, and wired connections to other computers or accessories will also be blocked when an iPhone is locked, Apple said.

Lastly, configuration profiles will not be able to be installed, nor can devices be enrolled into mobile device management (MDM) programmes - combatting a method of spyware installation exploited by Hermit. However, Krstić confirmed pre-existing MDM enrollment is preserved after enabling Lockdown Mode.

Apple said it will continue to add additional features to Lockdown Mode over time and as user feedback is received. 

It has also added a special category to its pre-existing bug bounty programme for Lockdown Mode bypasses, offering what it calls the largest potential payout for any bug bounty in the industry  $2 million (£1.67 million)  as a reward for the most severe submissions.

$10 million fund

In addition to the launch of Lockdown Mode, Apple said it will be setting up a $10 million grant, plus any additional funds generated from the damages it receives in its ongoing lawsuit against Pegasus creators NSO Group, to support organisations fighting highly targeted cyber attacks.

Such organisations could include those making efforts to quell state-sponsored spyware attacks, or those tasked with investigating and exposing the operators behind them - and other types of targeted attacks on digital security.

Related Resource

Securing endpoints amid new threats

Ensuring employees have the flexibility and security to work remotely

Whitepaper cover with image of female employee working at home on laptopFree Download

The grant will be made available to the Dignity and Justice Fund which expects to issue the first round of grants in late 2022 or early 2023.

“There is now undeniable evidence from the research of the Citizen Lab and other organisations that the mercenary surveillance industry is facilitating the spread of authoritarian practices and massive human rights abuses worldwide,” said Ron Deibert, director at Citizen Lab, a research group at the University of Toronto long-famed for its investigations into state-sponsored spyware

“I applaud Apple for establishing this important grant, which will send a strong message and help nurture independent researchers and advocacy organisations holding mercenary spyware vendors accountable for the harms they are inflicting on innocent people.”

Featured Resources

The Total Economic Impact™ Of Turbonomic Application Resource Management for IBM Cloud® Paks

Business benefits and cost savings enabled by IBM Turbonomic Application Resource Management

Free Download

The Total Economic Impact™ of IBM Watson Assistant

Cost savings and business benefits enabled by Watson Assistant

Free Download

The field guide to application modernisation

Moving forward with your enterprise application portfolio

Free Download

AI for customer service

Discover the industry-leading AI platform that customers and employees want to use

Free Download


What is cyber warfare?

What is cyber warfare?

20 May 2022
Bahrain targets activists with NSO's Pegasus spyware

Bahrain targets activists with NSO's Pegasus spyware

24 Aug 2021

Most Popular

Why convenience is the biggest threat to your security

Why convenience is the biggest threat to your security

8 Aug 2022
Google is now spending a staggering amount on blockchain
Business strategy

Google is now spending a staggering amount on blockchain

17 Aug 2022
UK water supplier confirms hack by Cl0p ransomware gang

UK water supplier confirms hack by Cl0p ransomware gang

16 Aug 2022