Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks
Apple warns users of older iOS versions that remain vulnerable to Coruna and DarkSword exploit kits, which deliver web-based attacks via watering hole tactics to steal sensitive data. The company has released patches for iOS 15 through 26 and urges immediate updates; nation-state-grade mobile exploitation tools are now being repurposed and deployed at scale by multiple threat actors.
Summary
Apple warns users of older iOS versions that remain vulnerable to Coruna and DarkSword exploit kits, which deliver web-based attacks via watering hole tactics to steal sensitive data. The company has released patches for iOS 15 through 26 and urges immediate updates; nation-state-grade mobile exploitation tools are now being repurposed and deployed at scale by multiple threat actors.
Full text
Apple Warns Older iPhones Vulnerable to Coruna, DarkSword Exploit Kit Attacks Ravie LakshmananMar 20, 2026Mobile Security / Malware Apple is urging users who are still running an outdated version of iOS to update their iPhones to secure against web-based attacks carried out via powerful exploit kits like Coruna and DarkSword. These attacks employ malicious web content to target out-of-date versions of iOS, triggering an infection chain that leads to the theft of sensitive data. "For example, if you're using an older version of iOS and were to click a malicious link or visit a compromised website, the data on your iPhone might be at risk of being stolen," Apple said in a support document. "We thoroughly investigated these issues as they were found and released software updates as quickly as possible for the most recent operating system versions to address vulnerabilities and disrupt such attacks." Users who are already on the latest version of the iPhone software do not need to take any action. This includes iOS versions 15 through 26, which come with fixes for the various security flaws weaponized by the exploit kits. For others, Apple is recommending the following course of action - Update to iOS 15.8.7, iPadOS 15.8.7, iOS 16.7.15, and iPadOS 16.7.15 for older devices that cannot update to the latest version of iOS Update to iOS 15 for devices with iOS 13 or iOS 14 to receive the latest protections along with a Critical Security Update that's expected to be pushed in the "next few days." Consider enabling Lockdown Mode, if available, in scenarios where updating the device is not an option to reduce the attack surface and protect against malicious web content and other threats. "Keeping your software up to date is the single most important thing you can do to maintain the security of your Apple products, and devices with updated software were not at risk from these reported attacks," Cupertino noted. Apple's advisory comes in the wake of recent reports about two iOS exploits that have been put to use by multiple threat actors of varied motivations to steal sensitive data from compromised devices. These kits are delivered through a watering hole attack via compromised websites. iVerify said the discoveries show that iOS vulnerabilities, which were once being abused to selectively target individuals in state-sponsored mobile spyware attacks, are being exploited on a mass-scale by other threat actors. "The exploit's relative simplicity to deploy, along with its quick adoption by multiple threat actors in multiple countries, signals that these powerful tools are now readily available on the secondary market for less-sophisticated actors," Spencer Parker, chief product officer at iVerify, said, adding, "nation-state-grade mobile exploitation is now available for mass attack." "This represents a new level of scale, making widespread mobile attacks a critical and unavoidable concern for all enterprises. The evidence confirms that these exploits are easy to repurpose and redeploy, making it highly likely that modified deployments are actively infecting unpatched users." Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE Tweet Share Share Share SHARE Apple, cybersecurity, iOS, Malware, mobile security Trending News FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit ThreatsDay Bulletin: OAuth Trap, EDR Killer, Signal Phishing, Zombie ZIP, AI Platform Hack and More Veeam Patches 7 Critical Backup and Replication Flaws Allowing Remote Code Execution Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8 Chinese Hackers Target Southeast Asian Militaries with AppleChris and MemFun Malware Meta to Shut Down Instagram End-to-End Encrypted Chat Support Starting May 2026 Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration ⚡ Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents and More CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS Popular Resources Webinar - Identify Key Attack Paths to Your Crown Jewels with CSMA Guide - Discover How to Validate AI Risks With Adversarial Testing Get the 2026 ASV Report to Benchmark Top Validation Tools Fix Security Noise by Focusing Only on Validated Exposures
Indicators of Compromise
- malware — Coruna
- malware — DarkSword