Apple has issued a security advisory urging users running older versions of iOS to update their devices to protect against web based attacks linked to exploit kits such as Coruna and DarkSword. These attack frameworks are being actively used to target outdated iPhone software through malicious web content, triggering a chain of exploitation that can result in the theft of sensitive user data. The advisory highlights growing concerns around large scale targeting of mobile devices, particularly those that have not received recent security updates.
According to Apple, users operating older iOS versions face increased risk if they interact with malicious links or visit compromised websites. These attacks rely on web based delivery mechanisms, often referred to as watering hole techniques, where legitimate sites are compromised to distribute exploits. Once triggered, the attack chain can grant access to personal data stored on the device. Apple noted that it has investigated these vulnerabilities and released updates for supported operating systems to address the underlying flaws and disrupt ongoing exploitation attempts.
Devices running updated versions of iOS, including releases from iOS 15 through iOS 26, are already protected against these threats. However, for users with older hardware that cannot upgrade to the latest versions, Apple has recommended installing specific security updates such as iOS 15.8.7, iPadOS 15.8.7, iOS 16.7.15, and iPadOS 16.7.15. For devices still operating on even older platforms like iOS 13 or iOS 14, users are advised to upgrade to at least iOS 15 to benefit from critical security patches that are being rolled out. In cases where updating is not immediately possible, enabling Lockdown Mode is suggested as a measure to reduce the attack surface and limit exposure to malicious content.
The advisory follows recent findings that these exploit kits are being used by multiple threat actors across different regions, indicating a broader shift in how mobile vulnerabilities are being leveraged. Researchers from iVerify observed that techniques once associated with targeted surveillance operations are now being adapted for widespread use. The relative ease of deploying such exploits and their availability through secondary channels have made them accessible to a wider range of attackers, increasing the likelihood of mass scale infections targeting unpatched devices.
Security experts emphasize that maintaining up to date software remains the most effective defense against these threats. Apple reiterated that devices running the latest updates were not impacted by the reported attacks, reinforcing the importance of timely patching in mobile security. The emergence of exploit kits like Coruna and DarkSword demonstrates how attackers are evolving their methods to exploit gaps in device updates, making user awareness and proactive security practices essential in reducing risk across the mobile ecosystem.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.
