Apple Urges Immediate Updates to Shield Older iPhones from Coruna and DarkSword Exploit Kits
Apple has issued a critical advisory urging users of older iPhone models to update their devices promptly to protect against sophisticated web-based attacks orchestrated through exploit kits known as Coruna and DarkSword. These exploit kits leverage vulnerabilities in outdated iOS versions, enabling attackers to execute malicious code via specially crafted web content, potentially leading to the theft of sensitive personal information.
The Coruna exploit kit, also referred to as CryptoWaters, comprises 23 exploits across five chains, specifically targeting iPhone models operating on iOS versions between 13.0 and 17.2.1. Initially developed by a commercial surveillance vendor in February 2025, Coruna’s usage has evolved over time. By July 2025, it was reportedly utilized by a Russian espionage group targeting Ukrainian individuals. Subsequently, by the end of the year, financially motivated attackers in China employed Coruna to compromise crypto wallets, highlighting its adaptability and widespread adoption among various threat actors.
Similarly, the DarkSword exploit kit has been identified as a significant threat, exploiting vulnerabilities in older iOS versions to facilitate unauthorized access and data exfiltration. These exploit kits are typically delivered through watering hole attacks, where attackers compromise legitimate websites to serve malicious content to unsuspecting visitors.
Apple’s investigation into these issues has led to the release of software updates designed to address the vulnerabilities exploited by these kits. The company emphasizes that devices running the latest iOS versions are not susceptible to these attacks. Therefore, users are strongly encouraged to update their devices to the most recent software versions to ensure optimal security.
For users with devices that cannot upgrade to the latest iOS versions, Apple recommends the following actions:
– Update to iOS 15.8.7 or iPadOS 15.8.7: This update is available for older devices and includes patches for the vulnerabilities exploited by Coruna and DarkSword.
– Update to iOS 16.7.15 or iPadOS 16.7.15: For devices capable of running iOS 16, this update provides the necessary security fixes.
– Enable Lockdown Mode: In scenarios where updating the device is not feasible, enabling Lockdown Mode can reduce the attack surface by limiting certain functionalities and protecting against malicious web content.
Apple underscores that maintaining up-to-date software is the most effective measure users can take to safeguard their devices against potential threats. Devices with updated software are not at risk from the reported attacks associated with Coruna and DarkSword.
The emergence of exploit kits like Coruna and DarkSword signifies a shift in the cyber threat landscape. Previously, iOS vulnerabilities were primarily exploited in targeted attacks against high-profile individuals. However, the accessibility and deployment of these exploit kits by various threat actors indicate a move towards mass exploitation, posing a broader risk to the general user base.
Security experts note that the relative ease of deploying these exploits, coupled with their rapid adoption by multiple threat actors across different regions, suggests that such powerful tools are now readily available on the secondary market. This development raises concerns about the potential for widespread mobile attacks, making it imperative for all users to prioritize device security through regular updates and vigilance.
In conclusion, Appleās proactive measures in releasing timely updates and providing clear guidance underscore the importance of user participation in maintaining device security. By adhering to recommended update protocols and enabling protective features like Lockdown Mode when necessary, users can significantly mitigate the risks posed by exploit kits such as Coruna and DarkSword.
