Sign in Join
Cyber Attack Apple’s latest operating system update, iOS 26, inadvertently introduces a forensic catastrophe for security researchers and device users concerned about spyware infections. The update fundamentally changes how the shutdown.log file operates, effectively erasing crucial evidence of sophisticated malware like Pegasus and Predator spyware from affected devices. For years, the shutdown.log file buried within the Sysdiagnoses section of Unified Logs has served as a critical forensic artifact for detecting iOS malware. Located in the path Sysdiagnose Folder > system_logs.logarchive > Extra > shutdown.log, this log file records system activities during the device shutdown sequence, providing investigators with an often-overlooked window into potential compromises. However, iOS 26 fundamentally changes this by overwriting the shutdown.log file on every device reboot rather than appending new entries and preserving historical snapshots. The shift from appending to overwriting represents either an intentional design decision or an unforeseen bug with significant implications.
Published: October 27, 2025 4:21 pm
Source: Cyber Press — Read original