Lockdown Mode

Lockdown Mode is an iOS, iPadOS, and macOS feature introduced in iOS 16 (2022) that disables several attack surfaces the operating system normally exposes for performance and feature reasons. It is designed for users at high risk of targeted commercial-spyware attacks (Pegasus, Predator, Hermit, mercenary-tier implants). Apple’s framing is explicit: most users do not need it; users who do need it are journalists, activists, government officials, and dissidents.

What it means in practice

Lockdown Mode disables the following. Most message attachment types: only basic image formats render, and complex MIME and attachment-parsing surfaces (which most documented zero-clicks have exploited) are blocked. JIT-based JavaScript performance optimizations in Safari: disabled, which slows some pages but removes the JIT-related exploit surface that has been a recurring zero-click vector. FaceTime calls from unknown numbers: blocked. Wired connections from unknown computers when the device is locked: blocked (an additional layer above USB Restricted Mode). Configuration profiles and MDM enrollments: cannot be installed while Lockdown Mode is on. Each restriction has a feature cost; the cumulative cost is real, but the cumulative reduction in zero-click attack surface is significant.

Who uses it, and against whom

Apple’s explicit positioning: for users targeted by mercenary spyware (NSO Group Pegasus, Intellexa Predator, or equivalent). Citizen Lab and Amnesty Security Lab actively recommend Lockdown Mode to clients in their forensic-scan engagements. The 2023 Citizen Lab report on the Operation Triangulation iOS implants noted that Lockdown Mode would have blocked the specific delivery vector. Predaxia’s editorial framing: if your work plausibly puts you in the mercenary-spyware-targeting bracket (high-profile journalism on intelligence services or organized crime, legal representation of dissidents, advocacy that has drawn government attention), Lockdown Mode is the highest-leverage iOS configuration available and the feature cost is acceptable.

What you can change today

Enable Lockdown Mode (Settings, Privacy and Security, Lockdown Mode, Turn On Lockdown Mode). The device will reboot and apply the restrictions. Live with the limitations for a week and decide whether the trade-off works for your use case. Some specific impacts: PDF attachments in Mail render in plain text, FaceTime from non-contacts requires a request-and-approval flow, some websites that require WebKit JIT may load slowly. For users in the targeting bracket, the trade-off is sharply favorable. For users not in the targeting bracket, leaving it off and prioritizing standard hardening (hardware-key 2FA, ADP, current OS) is the right baseline.
