France Alerts Apple Users to Major New Spyware Threat

Summary
– Apple issued a spyware campaign alert on September 3, 2025, as reported by CERT-FR.
– CERT-FR warned that receiving this notification indicates a device linked to an iCloud account may be compromised.
– The agency urged French recipients to contact them immediately and preserve the original Apple email without altering their device.
– CERT-FR provided security recommendations, including using 2FA, enabling updates, and activating Apple’s Lockdown Mode.
– Apple introduced Memory Integrity Enforcement in the iPhone 17 and iPhone Air to target memory corruption vulnerabilities.

A major new spyware threat has prompted urgent warnings from French cybersecurity authorities directed at Apple users across the nation. The French Computer Emergency Response Team, known as CERT-FR, has issued a critical advisory following alerts distributed by Apple concerning a sophisticated spyware campaign.
On September 11, CERT-FR, operated by the French national cybersecurity agency ANSSI, published guidance in response to notifications Apple began sending to users a week earlier. These warnings, delivered starting September 3, indicate that at least one device associated with an iCloud account has been targeted and could already be compromised. The agency emphasized that delays of several months can occur between an actual compromise and the receipt of an official Apple notification.
Individuals in France who have received such an alert are strongly urged to contact CERT-FR without delay. Recipients should preserve the original email from Apple, sent from threat-notifications[at]email.apple.com or threat-notifications[at]apple.com, and are advised not to restart or alter their device in any way to avoid disrupting potential forensic analysis.
CERT-FR acknowledged Apple’s consistent efforts since 2021 to combat commercial spyware, noting that the company has routinely issued threat notifications over the past four years. In 2025 alone, Apple sent alerts on at least four separate occasions: March 5, April 25, June 25, and most recently on September 3.
To help users lower their risk of a spyware infection, CERT-FR suggested several protective strategies. These begin with basic security steps, such as enabling two-factor authentication (2FA), steering clear of suspicious links, and promptly installing software updates. The agency also advised more advanced actions, like activating automatic updates for essential security patches.
In a move to reinforce device security, Apple has introduced a new anti-exploit mechanism called Memory Integrity Enforcement in its latest iPhone 17 and iPhone Air models. This feature specifically targets memory corruption vulnerabilities, which spyware developers and state-sponsored hackers commonly exploit. This enhancement underscores Apple’s ongoing commitment to protecting against sophisticated cyber threats, including those that leverage zero-day vulnerabilities.
(Source: InfoSecurity Magazine)




