Apple's iOS 26 update has eliminated a key tool that cybersecurity researchers used to detect Pegasus spyware infections on iPhones. The shutdown.log file, which tracked device restarts and crashes, provided forensic evidence of the sophisticated surveillance software but is automatically deleted after each reboot under the new system. NSO Group's Pegasus can infiltrate smartphones without user interaction and grants attackers complete access to messages, calls, photos and device sensors.
Security experts say the change erases critical evidence that helped identify spyware targeting journalists, activists and political figures worldwide. Apple likely modified the system to enhance performance and reduce storage rather than protect against malicious actors, though the company has not addressed the update publicly. The tech giant previously sued NSO Group and notified users about potential spyware threats.
Pegasus has compromised phones belonging to opposition leaders, reporters and American diplomats abroad. Digital privacy advocates are pressing Apple to restore forensic capabilities that help track surveillance abuses. The modification allows one of the most dangerous spyware programs to operate with less risk of detection.
Security experts say the change erases critical evidence that helped identify spyware targeting journalists, activists and political figures worldwide. Apple likely modified the system to enhance performance and reduce storage rather than protect against malicious actors, though the company has not addressed the update publicly. The tech giant previously sued NSO Group and notified users about potential spyware threats.
Pegasus has compromised phones belonging to opposition leaders, reporters and American diplomats abroad. Digital privacy advocates are pressing Apple to restore forensic capabilities that help track surveillance abuses. The modification allows one of the most dangerous spyware programs to operate with less risk of detection.
