Apple iPhone and iPad Approved for NATO ‘Restricted’ Classified Data Handling
Apple announced that standard iPhone and iPad devices running iOS 26 and iPadOS 26 have been approved for handling NATO classified information up to the “NATO Restricted” level, meaning the devices no longer require special software or bespoke configurations for use in NATO restricted environments. The approval follows extensive security evaluation and testing, including assessments led by Germany’s Federal Office for Information Security (BSI), and results in the devices being certified for use across all NATO member states and listed in the NATO Information Assurance Product Catalogue.
Separately, research coverage reported that Intellexa’s Predator spyware can suppress iOS’s camera and microphone recording indicators (the green/orange “privacy dots”) on compromised devices by hooking into SpringBoard (e.g., via HiddenDot::setupHook()), preventing UI updates when sensors are activated. This Predator technique requires deep system access and is a distinct issue from NATO’s platform assurance decision, but it underscores that sophisticated spyware can undermine user-facing privacy signals even on iOS versions where those indicators are expected to provide transparency.
Sources
Related Stories
Apple Security and Compliance Updates for Government and Child-Safety Requirements
Apple announced new *age-assurance* capabilities aimed at complying with expanding child-safety regulations, centered on an updated **Declare Age Range API** that returns an age bracket (e.g., under 13, 16–17) rather than a precise birthdate. In certain jurisdictions (including Australia, Brazil, and Singapore), Apple also plans to **block downloads of 18+ apps** until the user confirms they are an adult via an App Store-managed flow, alongside OS-level family settings intended to enforce age-appropriate restrictions without pushing sensitive identity collection to individual apps and websites. Separately, Apple’s **iOS 26** and **iPadOS 26** (with specific hardware) were reported as receiving **NATO Restricted** approval, enabling use for classified information up to the Restricted level under an “Indigo” configuration listed in NATO’s Information Assurance Product Catalogue. The approval was attributed to platform security features such as encryption, **Face ID**, and **Memory Integrity Enforcement**, with additional emphasis on Secure Enclave capabilities in newer chips; the evaluation reportedly involved Germany’s BSI. A third item provides general guidance on **CUI enclaves** and **NIST SP 800-171** controls for protecting Controlled Unclassified Information on mobile/remote-access workflows, but it does not describe the Apple/NATO certification or Apple’s age-verification tooling as a specific event.
1 weeks ago
Predator iOS Spyware Suppresses Camera and Microphone Recording Indicators via SpringBoard Hooking
**Jamf Threat Labs** reverse-engineered *Intellexa/Cytrox Predator* iOS spyware and documented how it defeats Apple’s iOS 14+ privacy indicators (green dot for camera, orange dot for microphone) while conducting covert surveillance. The analysis describes a **post-compromise** capability (not a new iOS vulnerability): Predator requires a device to already be fully compromised, including **kernel-level access** and the ability to inject code into system processes, after which it can silently stream camera and microphone feeds without triggering the on-screen indicators. Technically, Jamf found Predator uses a **single SpringBoard hook** (e.g., `HiddenDot::setupHook()`) to intercept sensor-activity updates before they reach the UI, targeting the method `_handleNewDomainData:` associated with `SBSensorActivityDataProvider`. By nullifying or suppressing the object/updates responsible for indicator state changes (including via Objective-C `nil` messaging behavior), Predator prevents the indicator dots from ever lighting up. Reporting on the research, *BleepingComputer* highlighted that the mechanism does not exploit an iOS flaw itself, but leverages previously obtained privileged access; Jamf also noted an operational limitation where **VoIP recording** may not have the same built-in stealth capability as the camera/microphone indicator bypass.
3 weeks ago
Apple iOS/iPadOS Security Updates and CVE Fixes Across Multiple Releases
Apple published security advisories detailing vulnerability fixes across multiple iOS and iPadOS versions, including iOS/iPadOS **16.7**, **17.2**, **18.1**, **18.3**, **26.1**, and **26.2**. The advisories describe a range of impacts such as sandbox escapes (including Web Content sandbox breakout), privacy issues where apps could access or expose sensitive user data via insufficient log redaction, file-system modification via temporary-file handling, and memory-safety flaws (e.g., out-of-bounds reads, type confusion, and bounds-checking issues) that could lead to crashes or memory corruption. Apple attributes fixes to changes like improved protocol handling, cache handling, input validation, and additional permission restrictions, and references issues by **CVE** where available. Several advisories also highlight device-state and authentication/logic weaknesses: iOS/iPadOS 18.3 includes a case where an attacker with physical access to an **unlocked** device could access Photos while the app is locked (`CVE-2025-24141`), while iOS/iPadOS 18.1 includes a lock-screen exposure issue (`CVE-2024-44274`) and a Shortcuts-related path-handling flaw that could allow arbitrary shortcut execution without user consent (`CVE-2024-44255`). The iOS/iPadOS 26.x advisories include privacy and permission issues (e.g., identifying installed apps, screenshots of sensitive embedded views), potential kernel memory corruption/system termination conditions, and logic/UI issues affecting security posture (e.g., passcode requirement timing after Face ID enrollment restore scenarios and potential FaceTime caller ID spoofing), with multiple findings credited to external researchers and teams (including Google Project Zero, ByteDance IES Red Team, and others).
1 months ago