Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster


Apple is adding a new warning about malicious iMessages in iOS 26.6, according to X user @limpless_skelly, who shared a mockup of the notification.

General-Apps-Messages-Redux.jpg

The pop-up will warn users that a message could be trying to harm their iPhone or compromise their privacy. Apple asks users to share the message so it can guard against future attacks, and there are "Not Now," "Share With Apple," and "Don't Report" options to tap. Not Now likely causes the pop-up to surface again at a later time.

New in iOS 26.6 Beta 5: Apple is adding a new "Malicious Message Detected" feature.If iOS detects a potentially malicious message, you'll be warned and can choose to share it with Apple to help investigate the attack and improve future protections. pic.twitter.com/NAVzs528So— (@limpless_skelly) July 13, 2026

The actual alert hasn't been seen yet, but code in iOS 26.6 beta 5 confirms that it is indeed in the beta. It's not yet clear what messages will cause it to appear, but it could be a response to sophisticated exploits and phishing attempts in the Messages app. Apple added a "BlastDoor" sandbox security system to Messages in iOS 14, but in 2021, there was a zero-click iMessage exploit that was able to circumvent it and install spyware on the target device. Apple has since added Lockdown Mode and iMessage Contact Key Verification for extra security, along with spam message filtering.

Unfortunately, the alert looks similar to some of the fake scam pop-ups that show up in Safari, which could confuse iPhone users.

Apple has released five betas of iOS 26.6 so far, and it's nearing a public launch. We're expecting the update to come out sometime around the end of July.

Article Link: iOS 26.6 Will Warn You About Malicious iMessages
 
It does look EXACTLY like those fake antivirus pop-ups that show up in Safari.
Maybe they should add a logo with a certified badge or something to display it comes from iOS or Apple.

I would like to know how it detects the message is malicious before it’s shared with Apple though. Heuristic analysis? Some Siri AI capability 🤔?
 
  • Like
Reactions: fran.tic
Feels like a band-aid. The verification tech already exists — email got SPF/DKIM/DMARC decades ago, voice got STIR/SHAKEN in 2018, and Apple itself shipped iMessage Contact Key Verification back in iOS 17. But it's opt-in, buried in settings, and basically nobody uses it. So instead of making sender verification the default, we get a popup that arrives after the malicious message does and asks you to report it. And as others said it looks exactly like the fake antivirus popups it's meant to protect people from.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.