Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks

Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks Ravie LakshmananMar 20, 2026Mobile Security / Malware Apple is urging users who are still running an outdated version of iOS to update their iPhones to secure against web-based attacks carried out via powerful exploit kits like Coruna and DarkSword. These attacks employ malicious web content to target out-of-date versions of iOS, triggering an infection chain that leads to the theft of sensitive data. "For example, if you're using an older version of iOS and were to click a malicious link or visit a compromised website, the data on your iPhone might be at risk of being stolen," Apple said in a support document. "We thoroughly investigated these issues as they were found and released software updates as quickly as possible for the most recent operating system versions to address vulnerabilities and disrupt such attacks." Users who are already on the latest version of the iPhone software do not need to take any action. This includes iOS versions 15 through 26, which come with fixes for the various security flaws weaponized by the exploit kits. For others, Apple is recommending the following course of action - Update to iOS 15.8.7, iPadOS 15.8.7, iOS 16.7.15, and iPadOS 16.7.15 for older devices that cannot update to the latest version of iOS Update to iOS 15 for devices with iOS 13 or iOS 14 to receive the latest protections along with a Critical Security Update that's expected to be pushed in the "next few days." Consider enabling Lockdown Mode, if available, in scenarios where updating the device is not an option to reduce the attack surface and protect against malicious web content and other threats. "Keeping your software up to date is the single most important thing you can do to maintain the security of your Apple products, and devices with updated software were not at risk from these reported attacks," Cupertino noted. Apple's advisory comes in the wake of recent reports about two iOS exploits that have been put to use by multiple threat actors of varied motivations to steal sensitive data from compromised devices. These kits are delivered through a watering hole attack via compromised websites. iVerify said the discoveries show that iOS vulnerabilities, which were once being abused to selectively target individuals in state-sponsored mobile spyware attacks, are being exploited on a mass-scale by other threat actors. "The exploit's relative simplicity to deploy, along with its quick adoption by multiple threat actors in multiple countries, signals that these powerful tools are now readily available on the secondary market for less-sophisticated actors," Spencer Parker, chief product officer at iVerify, said, adding, "nation-state-grade mobile exploitation is now available for mass attack." "This represents a new level of scale, making widespread mobile attacks a critical and unavoidable concern for all enterprises. The evidence confirms that these exploits are easy to repurpose and redeploy, making it highly likely that modified deployments are actively infecting unpatched users." Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share SHARE  Apple, cybersecurity, iOS, Malware, mobile security Trending News Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026 Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8 Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets Veeam Patches 7 Critical Backup and Replication Flaws Allowing Remote Code Execution Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes ThreatsDay Bulletin: OAuth Trap, EDR Killer, Signal Phishing, Zombie ZIP, AI Platform Hack and More FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials ⚡ Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents and More Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days Load More ▼ Popular Resources Guide - Discover How to Validate AI Risks With Adversarial Testing Get the 2026 ASV Report to Benchmark Top Validation Tools Fix Security Noise by Focusing Only on Validated Exposures Webinar - Identify Key Attack Paths to Your Crown Jewels with CSMA