Apple has issued a critical security advisory, urging users of older iPhone models to immediately update their device's operating system. The warning highlights active, web-based attacks leveraging powerful exploit kits known as Coruna and DarkSword. These kits target unpatched vulnerabilities in outdated versions of iOS, initiating an infection chain designed to exfiltrate sensitive personal data from compromised devices. According to Apple, the attack vector is straightforward: a user on a vulnerable iPhone need only click a malicious link or visit a compromised website to trigger the exploit, putting all data on the device at risk.
The company emphasized that its security teams moved swiftly upon discovery of these threats. "We thoroughly investigated these issues as they were found and released software updates as quickly as possible for the most recent operating system versions to address vulnerabilities and disrupt such attacks," Apple stated in a support document. The fixes are integrated into recent iOS versions, specifically from iOS 15 through to the latest iOS 26. Consequently, users already running these updated versions require no further action. For all others, Apple's guidance is unequivocal: updating software is the most critical step for maintaining device security.
This advisory follows independent cybersecurity reports detailing the proliferation of these iOS exploit kits. Analysis from firms like iVerify indicates a significant shift in the threat landscape. Vulnerabilities that were once the exclusive tools of sophisticated, state-sponsored actors for highly targeted spyware campaigns are now being weaponized for mass-scale attacks by a broader range of threat actors. The relative simplicity of deploying kits like Coruna and DarkSword, coupled with their rapid adoption by criminal groups across multiple countries, signals that powerful intrusion tools have become commoditized and widely accessible in the cyber underground.
The attacks are typically delivered via "watering hole" tactics, where legitimate websites are compromised to host the malicious code, silently ensnaring visitors with outdated iOS. Apple's core message reinforces a fundamental security principle: proactive patch management. "Keeping your software up to date is the single most important thing you can do to maintain the security of your Apple products," the company noted, adding that devices with updated software were not at risk from these specific reported attacks. This incident serves as a stark reminder that in the absence of regular updates, even Apple's historically secure ecosystem can be breached by widely available exploit kits.
