Back to News
News

Apple Pushes Lock Screen Alerts to iPhones Over Active Web Exploits

CyberSecurityWaala 21 hours ago Mar 28, 2026
Apple Pushes Lock Screen Alerts to iPhones Over Active Web Exploits

Apple warns users about active web-based attacks

Apple has begun sending Lock Screen notifications to iPhones and iPads running older versions of iOS and iPadOS. The alerts tell users that Apple is aware of attacks targeting out-of-date iOS software and urge them to install a critical update to protect their device. MacRumors first reported the notifications appearing on affected devices.

What the notices say

The alert appears as a Critical Software message from the Settings app. Apple wrote in the notification, “Apple is aware of attacks targeting out of date iOS software, including the version on your iPhone. Install this critical update to protect your iPhone.”

Which exploit kits are involved

Apple linked the warnings to recent reports about two iOS exploit kits named Coruna and DarkSword. According to Apple, Coruna can target devices running iOS versions from 13.0 through 17.2.1. DarkSword is aimed at devices running iOS versions between 18.4 and 18.7. Apple told users that clicking a malicious link or visiting a compromised website on an unpatched device could lead to data theft.

What researchers found

Security vendor Kaspersky said Coruna is an evolution of a commercialized framework used in a prior campaign known as Operation Triangulation. Kaspersky wrote, “Coruna is not a patchwork of public exploits; it is a continuously maintained evolution of the original Operation Triangulation framework.”

Kaspersky also noted that the way these kits reached multiple threat actors is not fully understood. The vendor raised the possibility of an active market for second-hand zero-day exploits, which could put advanced tools into wider circulation.

Why this matters

These exploit kits let attackers deliver malicious payloads simply when an unsuspecting user visits a compromised website. Multiple threat actors with different motivations have been observed using such kits over the past year. Kaspersky warned that the spread and leak of newer versions could turn highly targeted exploits into mass exploitation tools.

Apple patches and mitigations

Apple has issued security updates to block the vulnerabilities used by the exploit kits. On March 11, Apple released iOS 15.8.7 and iOS 16.7.15, along with matching iPadOS updates, to address issues tied to the Coruna kit. Apple says devices running the latest updated versions of iOS 15 through iOS 16 are protected. Devices still on iOS 13 or iOS 14 need to update to iOS 15 to receive protection.

Apple also highlighted built-in protections. Apple Safe Browsing in Safari is enabled by default and blocks malicious URL domains identified in these attacks. For users who cannot update to a supported version, Apple recommends enabling Lockdown Mode when available.

Lockdown Mode was introduced in 2022 and Apple says it is available on devices running iOS 16 and later. In a statement reported by TechCrunch, Apple said, “We are not aware of any successful mercenary spyware attacks against a Lockdown Mode-enabled Apple device.”

What users should do now

  • Update now Go to Settings, General, Software Update and install the latest iOS or iPadOS Apple offers for your device.
  • Enable Lockdown Mode If you cannot update, turn on Lockdown Mode when it is available on your device.
  • Beware of links Avoid clicking unknown links or visiting untrusted sites on older devices.

Apple, Kaspersky, MacRumors, and TechCrunch have all published findings and guidance on this issue. Follow their updates for the latest patches and protection advice.

#iPhoneSecurity #iOSUpdate #MobileSecurity #AppleAlert #ExploitKits #CyberSecurity

#Apple iOS