Apple is dropping its three-year-old lawsuit against NSO Group, the Israeli maker of Pegasus spyware — not because it won, but because winning no longer matters. The spyware market has proliferated so dramatically that eliminating NSO would simply clear space for dozens of competitors who would continue the same attacks, potentially armed with detection-evasion insights gleaned from Apple’s own court filings.
Stories Covered
Apple Drops NSO Lawsuit: Spyware Market Too Fragmented to Win Through Courts
Apple filed suit against NSO Group in 2021 after Pegasus spyware was found exploiting zero-day vulnerabilities in iOS to conduct surveillance on journalists, activists, and political dissidents. The suit was seen as a significant legal counteroffensive against commercial spyware vendors. Three years later, Apple’s executives are seeking to withdraw — citing two interconnected problems. First, the legal discovery process would require Apple to disclose details about how it detects and responds to zero-day exploits, effectively handing a roadmap to every spyware vendor in the market. Second, NSO itself has been fighting to shield its proprietary processes from disclosure, creating an asymmetric situation where Apple shows its hand while NSO stays covered. The calculus turned negative.
The second problem is the more fundamental one. When Apple filed in 2021, NSO Group was the dominant player in the commercial spyware space. A court victory would have materially reduced the threat. By 2024, Google’s Threat Analysis Group reported that 75% of known zero-day exploits against Google products and Android-based systems came from commercial surveillance vendors — plural. Of 37 zero-day vulnerabilities in browsers and mobile devices discovered in one recent year, more than 60% were attributed to spyware vendors selling to governments. The Atlantic Council’s analysis of the Intellexa Consortium documented a complex web of holding companies, developers, and distribution networks that make the spyware market more like an industry than a single threat actor. Apple’s filing acknowledged the shift directly: even a complete victory against NSO would leave a growing list of unaffiliated competitors untouched, each of whom could benefit from the exposed court documents.
The strategic reorientation toward technical countermeasures over legal ones reflects a realistic read of the threat landscape. Apple’s security surface — spanning iPhone hardware, iCloud, iOS across multiple generations, Apple Pay, and device authentication — is vast. Spyware vendors profit precisely from the gap between vulnerability discovery and patch deployment. The commercial surveillance market is growing because it is profitable: government agencies worldwide pay significant sums for capabilities that were once the exclusive domain of national intelligence services. The private sector has largely overtaken government programs in offensive capability development, driven by contract revenue. In that environment, a legal strategy targeting one company is a whack-a-mole approach — costly in disclosure and time, with diminishing returns as the market fragments. Apple’s decision to redirect those resources into its internal threat intelligence program is the correct call.
Leave a Reply