Apple says no one using Lockdown Mode has been hacked with spyware (techcrunch.com)

by jbegley 76 comments 107 points

[−] 827a 49d ago
Trash headline from TechCrunch; the exact statement from Apple was:

> We are not aware of any successful mercenary spyware attacks against a Lockdown Mode-enabled Apple device.

[−] everdrive 49d ago
Good call-out, and it's also nice to see that Apple tried to speak accurately here.
[−] sgbeal 49d ago

> nice to see that Apple tried to speak accurately here.

The key word being "mercenary", which does not rule out first-party spyware.

[−] stephbook 49d ago
So in essence they

- can give away your data for free
- get hacked by a nation-state such as Iran
- get hacked by mercenary spyware and not notice

and their statement would still be correct. Now that's an awful lot of qualifiers. Plus that's just what they say.

[−] jmalicki 49d ago
Mercenary also excludes people doing it for funsies and not getting paid.
[−] mulmen 49d ago
Does it also exclude researchers?
[−] calciphus 49d ago
Only if they keep refusing to pay bug bounties!
[−] xingped 48d ago
The wording is weird enough that I have to agree. This is the first time I've ever heard spyware segmented using "mercenary" as a qualifier, which is just insanely suspicious.
[−] Veserv 49d ago
Oh geez. Legal did not give them the go-ahead to make the unqualified statement: “We are not aware of any successful spyware attacks”; they had to explicitly qualify it with “mercenary”.
[−] varispeed 49d ago
There are more weasel words: "we are not aware" - means they actually don't know if such an attack was successful, "successful" - what is the definition of success? Maybe attackers got access, but didn't find anything interesting?

Apple is digging itself into a hole.

[−] scottyah 49d ago
I think you are; the words make perfect sense. They know of a lot of attack attempts, and so far they have no reason to believe any were successful. Success can mean a lot of different things; why list it all out (were able to extract data, install malicious software, encrypt files with ransomware, delete any data, etc.)?
[−] Veserv 49d ago
They have a legal department carefully directing what they say. In a court of law, their lawyers will successfully argue that they are beholden to only the precise letter of their statement. Are you arguing that their lawyers are incompetent and imprecise in their wording? If so, what evidence do you have that their lawyers are incompetent?

In light of the correct legal interpretation of their words, being only the specific letters, we can see that your interpretation is incorrect.

> They know of a lot of attack attempts

No, their statement says nothing about attack attempts.

> so far they have no reason to believe any were successful

No, their statement says nothing about their belief, only their explicit knowledge. Their statement says nothing about their investigation practices or whether they even attempted to investigate and learn about attacks. Their statement says nothing about non-mercenary attacks.

Their statement is technically correct as long as any successful attacks they know about are not explicitly known to be committed by mercenaries.

[−] saghm 49d ago

> No, their statement says nothing about attack attempts.

That's a good point. The best way not to know about any successful attacks is not to know about any of them. I also can definitively state that I'm not aware of any successful attacks, but for obvious reasons this is a basically meaningless statement. Without more data, it's not clear how meaningful the statement they gave is, and while it probably is more meaningful than mine, it doesn't make sense to jump from what they said to "there have definitively been no successful attacks" based on it.

[−] scottyah 49d ago
I'm just going to ignore your entire first paragraph that tries to use hostility to overcome a clear willful misunderstanding, or strong evidence of a recent stroke.

> No, their statement says nothing about attack attempts.

Exactly, they're keeping the statement brief and correct. They have sent multiple batches of notifications to users on previous attacks.

The statement is clear, covers their primary use case for the product, and I'm sure is legally sound. You're grasping at straws trying to think up ways they can be lying to you. I would be very surprised if you ever have used their lockdown mode with any actual cause.

[−] Veserv 49d ago
I am glad that you agree that their legal department’s explicit and intentional exclusion of known successful non-mercenary attacks is precise and legally sound.

It is advisable to not grasp at straws to think up ways that highly paid lawyers are not saying exactly the words they have approved. That is literally their job and they are good at it.

If they meant something more expansive they can do so. It is not the public’s job to do it for them while letting them retreat to the legally binding interpretation at their pleasure.

[−] quantified 49d ago
They can be perfectly aware of nation-state hacks. These are exactly the weasel qualifiers used by the NSA when they were claiming not to be watching the communications of US citizens. "No intercepts were made under program X" specifically sidesteps all the shady stuff under program Y.
[−] sally_glance 49d ago
How do you know their definition isn't only "received extortion letters" and "exfiltrate data" is fine as long as it didn't lead to the former?
[−] varispeed 48d ago

> no reason to believe any were successful.

They have very good reason to believe that - shareholders and public perception. Apple maintains an image of their phone being secure and that is far from the truth. As long as the general public doesn't know their phones have holes like Swiss cheese, the shareholders will be happy.

[−] NoMoreNicksLeft 49d ago

> "successful" - what is the definition of success?

At risk of stating the obvious, isn't success "hacked it and no one ever found out (at the time)"? By definition, Apple could probably only be aware of unsuccessful attacks. Though that's not guaranteed either, considering all the myriad failure modes that there must be.

[−] Braxton1980 49d ago
Isn't that assumed? Obviously Apple can't check every iPhone owner to see if they have been hacked now or in the past.
[−] mulmen 49d ago
TechCrunch misrepresented Apple's statement.
[−] steve1977 49d ago
No... they can't... obviously...
[−] CGMthrowaway 49d ago
Related somewhat:

> On March 23, 2026, the Hong Kong government changed the implementing rules relating to the National Security Law. It is now a criminal offense to refuse to give the Hong Kong police the passwords or decryption assistance to access all personal electronic devices including cellphones and laptops. This legal change applies to everyone, including U.S. citizens, in Hong Kong, arriving or just transiting Hong Kong International Airport. In addition, the Hong Kong government also has more authority to take and keep any personal devices, as evidence, that they claim are linked to national security offenses.

https://hk.usconsulate.gov/security-alert-2026032601/

[−] seethishat 49d ago
We knew 30 years ago that message attachments (mostly email at that time) were a huge security problem. All those binary file types to parse... what could go wrong ;)

It's good to see Apple's Lockdown mode having such success by simply disabling message attachments.

[−] TheDong 49d ago
I continue to find Lockdown mode frustratingly insulting. Just give me the individual options (too) darnit.

Like "No facetime and message attachments from strangers, no link previews, no device connections", yes, please, I don't want dickpics from strangers.

"No javascript JIT or shared photo albums" no, I actually do want to be able to see friends' albums, and also want my battery to last longer due to optimizing JS.

How hard is it to keep the Lockdown Mode toggle, but also add "no link previews, no facetime calls from strangers, never join insecure wifi networks automatically" as separate option toggles I can turn on if I just want those?

[−] kakacik 49d ago
"with spyware" - a small addition. What about state actors, what about (semi)private Israeli companies selling their solutions happily to all regimes regardless of consequences, what about any other kinds of hacks? As a European, by far the biggest threat to me are US state actors.

It would be such a good PR if they could just claim nobody has been hacked, period but I don't see that anywhere.

[−] il-b 49d ago
Would Lockdown Mode improve security in cases where the phone is physically connected to a malicious device, such as one from Cellebrite?
[−] hmokiguess 49d ago
To the best of my knowledge I too am unaware of anyone using a Lockdown Mode-enabled Apple device.
[−] namegulf 49d ago
It's also confusing.

Are we supposed to enable Lockdown mode always, or only enable it manually when we think we're under attack?

According to the instructions in settings, it is supposed to be enabled when under attack; isn't it too late already?

What are we missing...

[−] daft_pink 49d ago
I wish I could use Lockdown Mode on my phone, but not on my iPad.

I find Lockdown Mode challenging, because you basically have to use it on every device you own in the Apple ecosystem to have it enabled.

[−] tobyhinloopen 49d ago
How many users are using lockdown mode?
[−] ya3r 49d ago
Are we aware of any attacks (or claims of attacks) against any previous version of the iPhone's Lockdown mode?
[−] mulmen 49d ago
I don't see any bears around here. Bear patrol must be working like a charm.
[−] comboy 49d ago
*that we know of
[−] varispeed 49d ago
And how do they know if they for a decade apparently didn't know iOS was compromised?

Apple needs to get their shit together and stop gaslighting people.

[−] kylehotchkiss 49d ago
insert titanic gif here
[−] 2OEH8eoCRo0 49d ago
That's amazing? All ten of them?
[−] cebert 49d ago