"iOS 26 update erases critical trace files used to identify Pegasus intrusions" 24 October 2025

Apple’s latest mobile operating system update, iOS 26, is still being rolled out. However, researchers have already noticed a crucial change to a log file that stores evidence of past device compromises.

According to the iPhone forensics and investigations firm iVerify, this means that if you update, you probably won’t ever find out whether your device had been infected with, for example, Pegasus spyware.

iVerify’s team said it has noticed a change in how iOS 26 handles the shutdown.log file: it effectively erases crucial evidence of Pegasus and Predator spyware infections....

..“It could hardly come at a worse time – spyware attacks have been a constant in the news and recent headlines show that high-power executives and celebrities, not just civil society, are being targeted,” [said Matthias Frielingsdorf, VP of Research at iVerify.]

Pegasus is a powerful type of spyware developed by the NSO Group, an Israeli technology firm. It’s a zero-click trojan that can infect a phone without the user having to click a malicious link...