Threat Intelligence

iOS 26 erases key spyware detection logs

iPhone 13 Pro with apple logo loading and installing operating system ios 15.5 on the screen close up, new ios 2022 on apple devices sub v. ios 15 for updates

Researchers have discovered that Apple's latest iOS 26 update removes a key forensic artifact used to detect Pegasus and Predator spyware infections, raising major concerns among cybersecurity experts, according to Cybernews.

According to iVerify, a leading iPhone forensics firm, the update changes how the system handles the shutdown.log file, a log that once preserved traces of device compromise, by rewriting it after every reboot.

"This development poses a serious challenge for forensic investigators," said iVerify's VP of Research Matthias Frielingsdorf, warning that evidence of past spyware infections will now vanish upon restart. For years, the shutdown.log had served as an essential record for spotting Pegasus-related activity, even when attackers tried to erase it.

With iOS 26's automatic overwriting, users who update may unknowingly erase historical traces of compromise. iVerify cautioned that the timing is troubling, as "spyware attacks are becoming more common" and high-profile individuals continue to be targeted globally.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds