Apple's Lockdown Mode appears to be working as intended. Nearly four years after introducing the feature to protect high-risk users, the company says it is unaware of any device with Lockdown Mode enabled being compromised by mercenary spyware.
Apple spokesperson Sarah O'Rourke recently told TechCrunch that the company is not aware of any successful attacks against devices actively using the feature. Lockdown Mode was introduced in 2022 as an opt-in set of protections designed to defend against highly targeted spyware from companies such as NSO Group, Intellexa, and Paragon Solutions.
Independent security researchers report similar findings. Donncha Ó Cearbhaill, head of the security lab at Amnesty International, said his team has not seen evidence of an iPhone being successfully compromised by mercenary spyware while Lockdown Mode was enabled. Groups including Citizen Lab have documented cases where the feature blocked real-world attacks involving Pegasus and Predator. In at least one instance, researchers at Google observed spyware abandoning an infection attempt after detecting that Lockdown Mode was active.
Lockdown Mode works by reducing the attack surface across iOS, iPadOS, and macOS. When enabled, it blocks most message attachments, limits certain web technologies often used in zero-click exploits, restricts incoming FaceTime calls from unknown contacts, and prevents the installation of configuration profiles. Wired connections to computers or accessories are also blocked unless the device is unlocked.
Separate from Apple's disclosure, we recently saw how these types of protections can matter when a sophisticated spyware toolkit known as DarkSword leaked online. The toolkit relied on a chain of WebKit and kernel vulnerabilities to extract data from targets. Even without relying solely on software patches, enabling Lockdown Mode can disrupt the pathways these tools depend on to gain access.
Apple has become more proactive in identifying and alerting users who may be targeted. The company has sent threat notifications to individuals in more than 150 countries warning of suspected mercenary spyware activity. While Apple continues to patch vulnerabilities for all users, Lockdown Mode is designed for journalists, activists, and others who may face these types of advanced threats. Security researcher Patrick Wardle has described it as one of the most aggressive consumer-facing hardening features available.
Get the iClarified Daily Newsletter
Apple news, rumors, tutorials, price drop alerts, in your inbox every evening, free.
Unsubscribe at any time.
Success!
You have been subscribed.
Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
![Apple Working Toward an All-Screen iPhone With No Cutouts [Rumor]](/images/news/100350/100350/100350-160.jpg "Apple Working Toward an All-Screen iPhone With No Cutouts [Rumor]")
![Apple AirTag 4-Pack Drops to $59.99, Just $15 Per Tracker [Deal]](/images/news/100304/100304/100304-160.jpg "Apple AirTag 4-Pack Drops to $59.99, Just $15 Per Tracker [Deal]")
![AirPods Pro 3 Still $199.99 on Amazon ($50 Off) [Deal]](/images/news/100285/100285/100285-160.jpg "AirPods Pro 3 Still $199.99 on Amazon ($50 Off) [Deal]")
