Critical iPhone Exploit Kits Hit Old iOS, Apple Urges Immediate Update
Apple Warning: Update Your iPhone Now
Apple is warning iPhone and iPad users running older software to update now after researchers said two exploit kits, Coruna and DarkSword, are being used to break into outdated devices through the web.
Apple said in a support document that malicious web content can target older versions of iOS and start an infection chain that can lead to stolen data. “If you’re using an older version of iOS and were to click a malicious link or visit a compromised website, the data on your iPhone might be at risk of being stolen,” Apple said.
Who Is Safe and Who Needs to Update
The company said people already on the latest iPhone software do not need to take action. Apple noted that iOS 15 through iOS 26 include fixes for the security flaws being abused. For older devices that cannot move to the newest version, Apple said users should install iOS 15.8.7, iPadOS 15.8.7, iOS 16.7.15, or iPadOS 16.7.15, depending on the model. Apple also said people still on iOS 13 or iOS 14 should move to iOS 15, and that a Critical Security Update is expected in the next few days.
What Are Coruna and DarkSword Exploit Kits?
Apple’s warning follows research from Google, iVerify, and Lookout, which described DarkSword and Coruna as full exploit kits rather than single bugs. That matters because exploit kits package multiple vulnerabilities into something easier to use. In practice, that means attackers do not need to understand every technical detail themselves.
Watering Hole Attacks Explained (No Click Needed)
Researchers said the kits are delivered through watering hole attacks. That is when hackers compromise a website their target is likely to visit, or copy a site that the target group trusts, and then plant malicious code there. Once the victim loads the page, the code tries to trigger the chain of vulnerabilities automatically. No file download is needed. No obvious warning pops up. The victim may not click anything suspicious at all.
What Apple and Researchers Said
Apple said updated devices were not at risk from the reported attacks. Sarah O’Rourke, Apple’s spokesperson, said in a statement that “keeping software up to date remains the single most important thing users can do to maintain the high security of their Apple devices.” Apple also said users should consider Lockdown Mode if updating is not an option and they need extra protection against malicious web content and other threats.
The data theft described by iVerify is broad. Spencer Parker, chief product officer at iVerify, said the exploit’s relative ease of deployment and its quick adoption by multiple threat actors in multiple countries show that powerful tools are now appearing on the secondary market. He said, “nation-state-grade mobile exploitation is now available for mass attack.”
iVerify also said DarkSword can gather Wi-Fi passwords, text messages, call history, location history, browser history, SIM card and cellular data, and even health, notes, and calendar databases. That is a large amount of personal information from a single phone.
According to the reporting, no attacks against Americans or Israelis have been reported so far, but experts warned that any user with outdated software could still be exposed.
Rocky Cole, chief operating officer at iVerify, told NBC that many people still think iPhone attacks are rare. “There’s been this perception in the security community that attacks against iPhones are like mythical beasts, they’re rare,” he said. “Nah, we just don’t really have the tools to see these. I have a feeling that it’s more pervasive than people think.” His point is simple. A secure phone is not a permanently secure phone. Security depends on patching quickly and staying on supported software.
Apple says iOS 26, released in September, already includes protections against these tools. The company also recently issued a dedicated security update for older devices that cannot move to the latest version. For users, the advice is straightforward.
Check your iPhone or iPad settings. Update if you can. If your device is too old, install the latest supported release right away. And if you cannot update immediately, Lockdown Mode may help reduce risk while you plan the upgrade.
For most people, this is a reminder that the biggest danger is not always a dramatic hack or a fake app. Sometimes it is simply an old device that missed too many updates. Apple, iVerify, Lookout, and Google all point to the same conclusion. The exploit kits are real, they are being reused, and unpatched devices are the target.