Apple has begun sending Lock Screen notifications to iPhones and iPads running outdated iOS and iPadOS versions, warning users of active web-based attacks and urging them to install the latest updates. The alerts are part of the company’s response to emerging iOS exploit kits, including Coruna and DarkSword, which target older devices.
The notification displayed on affected devices reads: “Apple is aware of attacks targeting out-of-date iOS software, including the version on your iPhone. Install this critical update to protect your iPhone.”
Threat Landscape: Coruna and DarkSword
These exploit kits are designed to deliver malicious payloads when users visit compromised websites. Coruna targets iOS versions 13.0 through 17.2.1, while DarkSword focuses on iOS 18.4 to 18.7.
A recent report from Kaspersky indicates that the Coruna kit is an evolution of Operation Triangulation, a sophisticated campaign that previously leveraged zero-click iMessage exploits to compromise iPhones. Kaspersky emphasized that Coruna is a continuously maintained framework rather than a patchwork of publicly available exploits.
The origins of these kits remain unclear, though cybersecurity researchers suggest that a secondary market for zero-day exploits may have enabled multiple threat actors to gain access to them. The leak of DarkSword in particular raises concerns that advanced exploits, previously restricted to nation-states, may now be more widely available, potentially increasing the risk to iPhones and iPads.
Mitigation Steps for Users
Apple advises users to update to the latest supported iOS or iPadOS version immediately. For devices that cannot be updated, enabling Lockdown Mode—available on iOS 16 and later—can help mitigate risks from malicious web content. Apple has stated that, to date, there have been no successful spyware attacks against devices protected by Lockdown Mode.
The alerts signal Apple’s heightened response to a growing mobile threat environment, where sophisticated web-based exploits are increasingly being weaponized against consumers and enterprise users alike.