Apple Warns Older iPhones Are Vulnerable to Corona, DarkSword Exploit Kit Attacks
Apple urges users who are still running an older version of iOS to update their iPhones to protect against web-based attacks carried out by powerful exploit kits such as Coruna and DarkSword.
This attack uses malicious web content to target outdated versions of iOS, triggering a chain of infections that lead to the theft of sensitive data.
“For example, if you’re using an older version of iOS and you were to click on a malicious link or visit a compromised website, the information on your iPhone could be at risk of being stolen,” Apple said in a support document.
“We carefully investigated these issues as they were discovered and released software updates as soon as possible for the latest versions of the operating system to address the vulnerability and thwart those attacks.”
Users who are already on the latest version of the iPhone software do not need to take any action. This includes iOS versions 15 to 26, which come with fixes for various security flaws equipped with exploit tools. For others, Apple recommends the following course of action –
- Update to iOS 15.8.7, iPadOS 15.8.7, iOS 16.7.15, and iPadOS 16.7.15 for older devices that cannot upgrade to the latest iOS version
- Update to iOS 15 on devices with iOS 13 or iOS 14 to get the latest protections and the Critical Security Update that is expected to be pushed out “in the next few days.”
- Consider enabling Lock Mode, if available, in cases where updating the device is not an option to reduce the attack surface and protect against malicious web content and other threats.
“Keeping your software up-to-date is the single most important thing you can do to maintain the security of your Apple products, and devices with updated software were not at risk from this reported attack,” noted Cupertino.
Apple’s advisory comes in the wake of recent reports about two iOS exploits that have been used by various threat actors for various purposes to steal sensitive data from compromised devices. These kits are delivered through watering hole attacks on vulnerable websites.
iVerify said the findings show that iOS vulnerabilities, which were once exploited to target individuals in government-sponsored spyware attacks, are being widely exploited by other threat actors.
“The ease of use of this exploit, and its rapid adoption by many threat actors in many countries, shows that these powerful tools are now readily available in the secondary market for non-sophisticated actors,” said Spencer Parker, chief product officer at iVerify, adding, “national-level mobile exploits are now available for mass attacks.”
“This represents a new level of scale, making widespread mobile attacks an important and unavoidable concern for all businesses. Evidence confirms that these exploits are easy to reuse and recycle, making it more likely that modified deployments are actively infecting undocumented users.”
