Apple warns iPhone users of targeted malware

Martin Shelton

Principal Researcher

Illustration by Freedom of the Press Foundation. (CC BY 4.0)

It’s the Digital Security Training team at Freedom of the Press Foundation (FPF), with security news that keeps you, your sources, and your devices safe. If someone has shared this newsletter with you, please subscribe here.

In the news

On April 10, Apple sent users in 92 countries warning of mercenary malware attacks targeting the iPhone. The notification did not provide details about the identities of the attackers. According to TechCrunch, Apple warned, “This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning — please take it seriously.” Apple sent the same alert to Indian journalists and politicians late last year. Read more.

What you can do

  • Apple cautions those who receive these alerts to enable their Lockdown Mode feature to help guard against targeted malware attacks. But for those doing politically sensitive work, don’t wait until Apple sends you a threat notification. Go ahead now and minimize the risk with Lockdown Mode. Yes, it will disable some limited functionality in a handful of apps, but if you feel you could be at elevated risk that may be a very worthy trade-off for your peace of mind. Learn more about Lockdown Mode.
  • While highly targeted malware exploits vulnerabilities in software that companies like Apple have not yet discovered, less-targeted malware exploits more widely known vulnerabilities in the software we depend on. There very well may be software updates available that protect against such attacks. That’s why we always recommend keeping your devices and apps up to date with the newest security updates, and pruning unnecessary apps from your device to prevent the naughty ones from getting a foothold in the first place. Read our mobile security guide.

Updates from our team

  • Are you an early-career security professional interested in learning from and supporting journalists? Now’s your chance — we’re hiring a digital security training intern. Apply or share this post with your networks.
  • Next week we are offering a 75-minute webinar we call "Prepared, not scared: Digital security for the election season," where my colleague Davis Erin Anderson and I will cover topics to help keep you, your sources, and your colleagues safer while covering the U.S. election. Join us on April 25 at 5 p.m. EDT. Register and share the event here.
  • Our director of digital security, Harlo Holmes, is currently at the International Journalism Festival in Italy from April 17-21. Harlo is one of the leading practitioners supporting journalists through hands-on safety clinics at the conference. If you are a journalist in attendance and interested in getting security or safety support, fill out a booking form.

We are always ready to assist journalists with digital security concerns. Reach out here, and stay safe and secure out there.


Donate to support press freedom

Your support is more important than ever.

Read more about Digital Security Digest

Crossfire over messaging security

Johns Hopkins cryptography professor Matthew Green explains that “the cryptography behind Signal (also used in WhatsApp and several other messengers) is open source and has been intensively reviewed by cryptographers. When it comes to cryptography, this is pretty much the gold standard.” By comparison, Telegram does not provide end-to-end encryption protection by default and only offers it as an option in one-on-one “Secret Chat” mode.

Google Docs locks out writer

While it’s powerful and convenient, Google Docs might not be right for all documents, including those that you consider sensitive, private, or that you can’t risk losing. Read more about newsroom privacy and security considerations when using Google Workspace.

Google details app violations

According to its security blog, Google prevented 2.28 million — yes, million — Android apps from being published on its Play Store in 2023. The company says it also removed 333,000 accounts for attempting to deliver malware through the Play Store, as well as for “repeated severe policy violations.” These numbers have grown substantially since 2022, when the company disclosed it prevented 1.43 million apps from being published on the Play Store.