CERT-FR reported that at the end of last week Apple warned users that their devices had become the target of attacks using spyware.
Experts say they are aware of at least four instances of such notifications being sent in 2025. Specifically, warnings were sent on March 5, April 29, June 25, and September 3 to phone numbers and email addresses associated with users’ Apple accounts. The warnings are also displayed at the top of the page on account.apple.com after the user signs in to their account.
“The notifications report sophisticated attacks, most of which exploit zero-day vulnerabilities or require no user interaction at all,” writes CERT-FR. “These sophisticated attacks target individuals based on their status or activities: journalists, lawyers, activists, politicians, senior officials, members of governing boards in strategic sectors, and so on. Receiving such a notification means that at least one of the devices associated with your iCloud account was selected as a target of the attack and potentially compromised.”
Experts did not provide additional information about what triggered the sending of these warnings. However, it is worth noting that last month Apple developers released emergency patches to fix a zero-day vulnerability (CVE-2025-43300), which was used in conjunction with a zero-click vulnerability in WhatsApp (CVE-2025-55177) for “sophisticated attacks targeting specific users.”
In the notification sent at the time to potential victims, the developers recommended performing a full factory reset of the device, and then keeping the OS and the WhatsApp app up to date for optimal protection.
Additionally, Apple advises users who have become targets of spyware attacks to enable Lockdown Mode and seek emergency security assistance through Access Now’s Digital Security Helpline.