Apple recently issued a spyware campaign alert, according to the French Computer Emergency Response Team (CERT-FR).
The national incident response organization, operated by the French national cybersecurity agency (ANSSI), issued its new advisory on September 11.
In the document, CERT-FR said that Apple notified users of a new spyware campaign a week earlier, on September 3.
CERT-FR explained that receiving such a notification means that at least one device linked to an iCloud account has been targeted and may potentially be compromised.
The organization has urged all individuals in France who received this notification to contact them immediately, as there can be a few months between the moment a device is compromised and the moment Apple sends a notification.
Additionally, recipients are advised to retain the original email from Apple (from either threat-notifications[at]email.apple.com or threat-notifications[at]apple.com) and avoid altering their device in any way, including restarting it, to prevent interference with the ongoing investigation.
CERT-FR noted that Apple has been very proactive since 2021 in its fight against commercial spyware, with regular notifications to potential targets for the past four years.
It noted that Apple sent at least four notifications in 2025, on March 5, April 25, June 25 and September 3.
How to Minimize the Spyware Infection Risk
CERT-FR also provided a list of recommendations to minimize the risk of being targeted by spyware.
These include some basic security hygiene best practices, such as using two-factor authentication (2FA), avoiding clicking on suspicious links and updating all devices as soon as updates are available.
The document also outlined more proactive security measures, including:
- Enabling automatic updates, particularly for security patches
- Strictly separating personal and professional use, ideally by using different devices
- Activating Apple’s Lockdown Mode to enhance the security of your Apple devices
- Restarting your device regularly, ideally once a day
In a significant move to bolster iPhone security, Apple has introduced a new anti-exploit mechanism in the iPhone 17 and iPhone Air (released in September 2025).
This new feature, called Memory Integrity Enforcement, specifically targets memory corruption vulnerabilities, a common attack vector used by spyware developers and state-sponsored hackers.
This update marks another step in Apple’s ongoing efforts to strengthen its devices against sophisticated cyber threats, particularly those that exploit zero-day vulnerabilities.
Read now: European Journalists Targeted by Paragon Spyware, Citizen Lab Confirms
