The new Citizen Lab research claims Lockdown Mode successfully blocked one of the three new NSO exploits. Users who had Lockdown Mode enabled reportedly received a notification on their phone saying the tools had prevented a bad actor from trying to access the device’s Home App. Citizen Lab researcher Bill Marczak told TechCrunch those successful blocks mark a huge win for the feature and Apple, though it’s unclear how many users actually know to enable it in the first place.


“The fact that Lockdown Mode seems to have thwarted, and even notified targets of a real-world zero-click attack shows that it is a powerful mitigation, and is a cause for great optimism,” Marczak said. “But, as with any optional feature, the devil is always in the details. How many people will opt to turn on Lockdown Mode? Will attackers simply move away from exploiting Apple apps and target third-party apps, which are harder for Lockdown Mode to secure?”

NSO, despite a worsening financial and political situation, looks like it’s getting better at evading detection by researchers. Unlike previous versions of its Pegasus software, Citizen Lab says the recently discovered exploits “more thoroughly remove data from various iPhone log files,” which they interpret as an effort to evade detection and thwart researchers’ understanding of compromised device vulnerabilities.