Apple has begun sending lock screen notifications to iPhones and iPads running older operating system versions, alerting users to active web-based exploits and urging immediate updates. The alerts follow the discovery of new iOS exploit kits named Coruna and DarkSword, which have been leveraged by multiple threat actors over the past year to deliver malicious payloads through compromised websites. Coruna targets iOS versions 13.0 through 17.2.1, while DarkSword affects devices running iOS 18.4 through 18.7.
Kaspersky researchers identified Coruna as an evolution of the framework used in Operation Triangulation, a sophisticated zero-click iMessage campaign that emerged in June 2023. The exploit kits have raised concerns that nation-state-level capabilities are being democratized, and that iPhones could become a larger attack surface because second-hand zero-day exploits may be traded on active markets. A newer version of DarkSword has reportedly leaked, amplifying these risks.
Users unable to update to supported versions are advised to enable Lockdown Mode, available on iOS 16 and later. Apple states that there are no known successful mercenary spyware breaches against devices with Lockdown Mode enabled. The notification system represents Apple's proactive effort to warn users of active threats targeting outdated software. The company released a support document alongside the alerts detailing the exploit kits and emphasizing the critical need for updates.