Apple Says No One Using Lockdown Mode Has Been Hacked with Spyware

When Apple unveiled Lockdown Mode in 2022, it responded to a growing wave of state‑sponsored spyware campaigns targeting iPhone users. Tools like NSO Group’s Pegasus and Intellexa’s Predator exploit subtle OS pathways—message attachments, link previews, and low‑level WebKit functions—to infiltrate devices without user interaction. By default, iOS balances usability with security, but Lockdown Mode opts for a hardened stance, disabling these high‑risk vectors and requiring users to take extra steps for routine actions. This trade‑off reflects a broader industry shift toward offering optional, enterprise‑grade protections to consumer devices.

Apple’s latest statement that no successful attacks have been recorded on Lockdown Mode‑enabled phones aligns with independent findings from Amnesty International and the University of Toronto’s Citizen Lab. Both organizations documented cases where the feature actively blocked Pegasus and Predator payloads, and Google’s researchers noted that malicious code aborts when it detects the mode. Technically, the feature narrows the attack surface by turning off dynamic code execution paths and restricting background processes, effectively neutralizing many zero‑click exploit chains that have historically been the most lucrative for spyware vendors.

The implications extend beyond individual privacy. For enterprises and governments that mandate secure communications, Lockdown Mode offers a tangible, built‑in hardening layer that reduces reliance on third‑party mobile‑device‑management solutions. Competitors may feel pressure to introduce comparable opt‑in security modes, potentially raising the baseline security posture across the smartphone market. However, the usability friction—extra steps for copying links or receiving limited notifications—means adoption will likely remain concentrated among high‑risk users and organizations that prioritize security over convenience.