Key IOCs for Pegasus and Predator Spyware Removed with iOS 26 Update

The iOS 26 update removes key Indicators of Compromise (IOCs) for Pegasus and Predator spyware infections by overwriting the shutdown.log file on every device reboot, erasing evidence of older detections. The shutdown.log file has been crucial in detecting iOS malware, but the update now poses a challenge for forensic investigators and individuals trying to identify compromised devices. Pegasus and Predator spyware have evolved their evasion tactics over the years, with Pegasus developers implementing more robust wiping mechanisms to erase traces from the shutdown.log. Users are advised to save a sysdiagnose of their device before updating to iOS 26 to preserve potential evidence and consider delaying the update until Apple addresses this issue.