Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Predator iOS indicator-hiding analysis reveals SpringBoard hook that suppresses camera and microphone dots

Technical Analysis
First reported
Last updated
Happening score
H score 16
1 unique sources, 1 articles

Summary

Hide ▲

Jamf's analysis of Predator spyware shows it can suppress iOS 14 camera and microphone indicators by hooking SpringBoard, letting live surveillance remain invisible to users. The stealth path prevents sensor updates from reaching the UI layer, so the green or orange dot never appears. The findings also surface defender-relevant signs such as unusual memory mappings, exception ports, breakpoint-based hooks, and suspicious audio-file writes.

Related Happenings

Predator spyware targeting Teixeira Cândido's iPhone

Malware Activity
First: 18.02.2026 19:30 Last: 18.02.2026 19:30 Sources 1

About this happening: **Predator spyware** successfully targeted **Teixeira Cândido's iPhone** in **May 2024**, giving an attacker the ability to gain **unrestricted access** to the device. The infecti...

Open Happening

Apple iOS and iPadOS 26.4 Beta adds RCS end-to-end encryption and new device protections

Security Tool/Service
First: 17.02.2026 08:44 Last: 17.02.2026 08:44 Sources 1

About this happening: Apple’s **iOS and iPadOS 26.4 Beta** now tests **end-to-end encryption (E2EE)** for **RCS messages**, strengthening message confidentiality for Apple users. The same beta also exp...

Open Happening

Android RAT campaign using Hugging Face dropper lure

Campaign
First: 16.02.2026 12:24 Last: 16.02.2026 12:24 Sources 1

About this happening: In recent weeks, a **live Android RAT campaign** has used **Hugging Face** to deliver malicious APKs through a fake-update lure. The operation starts with a dropper app, such as *...

Open Happening

Apple dyld memory corruption flaw actively exploited (CVE-2026-20700)

Vulnerability
First: 12.02.2026 07:39 Last: 12.02.2026 07:39 Sources 1

About this happening: Apple's **CVE-2026-20700** is an **actively exploited** **dyld** memory corruption flaw that can enable **arbitrary code execution** on susceptible Apple devices. The company said...

Open Happening

Apple security patch release for CVE-2026-20700

Security Patch Release
First: 12.02.2026 03:06 Last: 12.02.2026 03:06 Sources 1

About this happening: **Apple** released security updates for **CVE-2026-20700**, a **dyld arbitrary code execution** flaw affecting **iOS, iPadOS, macOS, tvOS, watchOS, and visionOS**. The release mat...

Latest development: 12.02.2026 09:48

Apple released iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, watchOS 26.3, visionOS 26.3, and Safari 26.3 with fixes for CVE-2026-20700, while older branches iOS 18.7.5, iPadOS 18.7.5, macOS Sequoia 15.7.4, and macOS Sonoma 14.8.4 also received security updates. The iOS and iPadOS updates resolve nearly 40 vulnerabilities, the macOS Tahoe refresh fixes over 50 security defects, and Safari 26.3 includes fixes for eight security defects.

Open Happening

Timeline

  1. 21.02.2026 18:13 2 articles · 3mo ago

    Jamf analyzes Predator iOS indicator-hiding mechanism

    Technical Analysis Update

    Jamf analyzed Predator samples and documented how the spyware uses HiddenDot::setupHook() inside SpringBoard to suppress iOS 14 camera and microphone recording indicators by intercepting sensor-status updates before they reach the UI layer. The analysis also describes a separate camera-access path that uses ARM64 instruction pattern matching and PAC redirection to bypass permission checks, and it notes defender-visible artifacts such as unexpected memory mappings or exception ports in SpringBoard and mediaserverd, breakpoint-based hooks, and audio files written to unusual paths.

    Show sources
    Open in new tab