Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Apple vulnerabilities. Show all posts
Vulnerabilities
Apple Apple vulnerabilities Cybersecurity Vulnerabilities

iOS 26 Update Erases Key Forensic Log, Hindering Spyware Detection on iPhones

 

Researchers have raised concerns that Apple’s latest software release, iOS 26, quietly removes a crucial forensic tool used to detect infections from sophisticated spyware such as Pegasus and Predator. The change affects a system file known as shutdown.log, a part of Apple’s Sysdiagnose tool that for years has helped security experts trace evidence of digital compromise. 

Investigators at cybersecurity firm iVerify discovered that the log, which previously recorded every instance of an iPhone being powered off and on, is now automatically overwritten each time the device reboots. Earlier versions of iOS appended new entries to the file, preserving a timeline of shutdown events that often contained small traces of malware activity. 

These traces had previously been key in confirming spyware attacks on devices belonging to journalists, activists, and public officials. In 2021, forensic analysts revealed that Pegasus, a surveillance tool developed by the Israeli company NSO Group, left recognizable patterns within the shutdown.log, which became instrumental in public investigations into digital espionage. 

After these findings, Pegasus operators began deleting the file to hide their activity, but even those deletions became a clue for analysts, as an abnormally clean log often pointed to tampering. 

The iOS 26 update now clears this record automatically, effectively erasing any historical evidence of infection after a single reboot. 

iVerify researchers said the change may have been introduced to improve performance or reduce unnecessary data storage, but its timing has raised alarms among those tracking spyware use, which has expanded beyond activists to include business leaders and celebrities. 

The update complicates ongoing efforts to investigate and confirm past infections, particularly on devices that may have been compromised months or years ago. Analysts studying Predator, another spyware tool linked to the surveillance firm Cytrox, have reported similar behavior within shutdown.log. 

With Apple yet to comment, experts recommend that high-risk users save a Sysdiagnose report before updating to preserve existing logs. They also advise delaying installation until the company provides clarity or releases a patch. The loss of historical shutdown data, researchers warn, could make identifying spyware on iPhones significantly harder at a time when digital surveillance threats continue to grow globally.
Read more »
Subscribe to: Comments (Atom)