Apple Warned French Users About Spyware Attacks

CERT-FR reported that at the end of last week, Apple issued warnings to users in France whose devices had been targeted by spyware attacks.

According to the agency, at least four rounds of such notifications have been sent in 2025—on March 5, April 29, June 25, and September 3—to phone numbers and email addresses linked to users’ Apple IDs. The same warnings also appear at the top of the page when affected users log into account.apple.com.

“The notifications report sophisticated attacks, most of which exploit zero-day vulnerabilities or require no user interaction at all,” CERT-FR wrote. “These attacks target individuals based on their status or activities—journalists, lawyers, activists, politicians, high-ranking officials, members of governing committees in strategic sectors, and others. Receiving such a notification means that at least one device linked to the iCloud account was selected as a target and may have been compromised.”

Zero-Day Links

While CERT-FR did not provide further detail on what triggered the latest wave of alerts, the timing is notable. In August, Apple released emergency fixes for a zero-day vulnerability (CVE-2025-43300) that had been exploited alongside a zero-click flaw in WhatsApp (CVE-2025-55177). Apple described those campaigns as “sophisticated attacks targeting specific users.”

At the time, Apple’s notifications to potential victims advised performing a full factory reset and ensuring both iOS and WhatsApp remained up to date.

Mitigation Steps

In its latest guidance, Apple continues to recommend that users targeted by spyware:

• Enable Lockdown Mode on their devices.
• Seek emergency security assistance through the Digital Security Helpline from Access Now.

These steps, Apple says, provide additional safeguards against targeted spyware campaigns.